The information security function fully meets needs in only 17 percent of organizations, according to EY’s 16th annual Global Information Security Survey 2013, which tracks the level of awareness and action in response to cyber threats, canvassing the opinion of more than 1,900 senior executives globally.

This year, the results show that as companies continue to invest heavily to protect themselves against cyber attacks, the number of breaches is on the rise, and it is not long a question of if, but when, a company will be the target.

Thirty-one percent of respondents report that the number of security incidents within their organization has increased by at least five percent over the last 12 months. Many have realized the extent and depth of the threat posed by these incidents, resulting in information security now being “owned” at the highest level within 70 percent of the organizations surveyed, the report notes.

In 2012, none of the information security professionals surveyed reported to senior executives. In 2013, that jumped to 35 percent.

Despite half of respondents planning to increase their budget by five percent or more in the next 12 months, 65 percent cited an insufficient budget as their top challenge to operating at the levels the business expects, and among organizations with revenues of $10 Million or less, this figure rises to 71 percent.