According to the results of a recent Spiceworks survey of 197 IT professionals, 80 percent of respondents acknowledged having experienced a cyber security incident in 2015.
Fifty-one percent of respondents had experienced malware attacks in 2015, 38 percent experienced phishing attacks, and 34 percent experienced spyware attacks.
When looking ahead to the coming year, there were some disconnects between past experience and future concerns -- while 53 percent of respondents said they're concerned about ransomware in 2016, only 20 percent experienced a ransomware incident in 2015.
Similarly, while 39 percent of respondents expressed concern about data theft in 2016, only 5 percent experienced a breach resulting in data theft in 2015. And while 37 percent said they're concerned about a password breach in the coming year, only 12 percent experienced a password breach in 2015.
Fully 71 percent of respondents expect their organizations to be more secure in 2016.
"The results show that IT professionals feel responsible for the security of their organization's data, and in a world where technology is getting more complex and organizationally distributed, their jobs aren’t getting any easier," Spiceworks vice president of marketing Sanjay Castelino said in a statement.
"In reaction to these challenges, they're being more proactive about preventing security incidents and breaches by learning about new threats, regularly educating employees about risks, and investing in more advanced security solutions," Castelino added.
When asked what types of attackers they're most concerned about, 49 percent said they're concerned about independent hackers, 36 percent said rogue employees, 25 percent said organized crime groups, 12 percent said they're concerned about cyber-terrorist gropus and state-sponsored hackers, and just 10 percent said they're concerned about hacktivists.
Eighty percent of the IT professionals surveyed said end users represent the biggest challenge to their organization's cyber security.
In response to that concern, 73 percent of IT pros are enforcing end user security policies, and 72 percent regularly providing security training to employees on topics like malware and phishing scams.
Similarly, 66 percent of IT professionals are taking time to learn about new threats, and 60 percent say they regularly evalute new security solutions.
Recent eSecurity Planet articles have examined the benefits of providing security training to employees and offered advice on improving database security.