According to the results of a recent survey of 150 data security professionals in the U.S. and Canada, 62 percent of respondents have no idea where their most sensitive unstructured data resides, and 66 percent don't classify this data properly.

The survey, conducted by Forrester Consulting on behalf of Varonis Systems, also found that while 76 percent of respondents believe in the maturity of their data security strategy, 93 percent say they face persistent technical challenges in protecting data.

Key challenges listed include keeping up with evolving cyber threats, encrypting data, dealing with disparate products that don't communicate, and controlling access to data.

Ninety percent of respondents experience organizational challanges that make it hard for them to secure data efficiently, including an inability to keep up with the regulatory landscape, insufficient processes to support data security, and lack of budget for technology.

Just 34 percent of data security professionals know where their corporate data in the cloud is located, and just 36 percent audit all use of customer data and analyze it for abuse.

Separately, a recent Radware survey of 598 cyber security professionals found that 49 percent of businesses were hit by cyber ransom attacks in 2016.

Half of all respondents said their organization experienced a malware or bot attack in the past year, and 55 percent said IoT devices complicate their detection or mitigation requirements, since they increase the surface of the attack landscape.

Forty-one percent of respondents reported that ransom was the top motivation behind the cyber attacks they experienced in 2016, followed by insider threats (27 percent), political hacktivism (26 percent) and competition (26 percent).

Strikingly, 40 percent of organizations don't have an incident response plan in place, and 70 percent don't have cyber insurance.

"Threat actors have a single focus, to develop the best tools possible to either disable an organization or steal its data," Radware vice president of security solutions Carl Herberger said in a statement. "Businesses focus on delivering the highest value to their customers. In order to deliver that value, security must be woven into the customer experience for a company to truly succeed. Without this change in thinking, organizations will remain vulnerable."

A separate survey of 618 cyber security professionals at U.S. organizations found that while 66 percent of respondents identify ransomware as a serious threat, just 13 percent say their company is prepared to handle it -- and 48 percent of companies infected by ransomware end up paying the ransom to retrieve their data.

Respondents whose organizations were hit by ransomware attacks said an average of 42 hours were spent dealing with and containing a ransomware incident.

The survey, conducted by the Ponemon Institute and sponsored by Carbonite, also found that 68 percent of respondents at companies that have experienced a ransomware attack say it's essential (30 percent) or very important (38 percent) to have a full and accurate backup as a defense against such attacks.

Just 27 percent of respondents are confident their current anti-virus software will protect their company from ransomware.

"This study reveals a startling prevention gap: most businesses are either underprepared for an attack -- or even worse -- underestimate the risk ransomware places on their broader organizations," Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

Photo courtesy of Shutterstock.