80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year, says a new survey.

Commissioned by Trend Micro, The Ponemon Institute conducted the CRI survey to measure business risk based on the difference between organizations’ current security posture and their likelihood of attack, with the goal of helping CISOs and their teams better assess, protect, detect, respond, and recover from serious cyber threats. The survey will be issued twice a year to observe trends and changes in business cyber risk.

“The overall Cyber Risk Index shows companies are at an elevated risk for cyberattack because critical data, operations, infrastructure and human capital are not well prioritized and protected,” says Jon Clay, director of global threat communications for Trend Micro. “We designed the CRI to help security leaders improve their visibility of cyber risks so they can better prepare against attacks. Additionally, understanding the key areas of risk can enable companies to provide better security while also meeting regulatory requirements.”

Respondents to the survey ranked research and development information, trade secrets, customer accounts, and other confidential information as the highest risk of loss when a breach occurs. This highlights a critical gap between data criticality and the protection measures in place to ensure their safety.

Additionally, the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern to those surveyed, along with detecting zero-day attacks. However, respondents positively reported that their CISOs have enough authority and resources to achieve a strong security posture.

“At its core, the Cyber Risk Index captures benchmarks derived from surveys compiled from IT and IT security practitioners in small, medium, and large companies,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “Over time, these benchmarks can be used to pinpoint trends that will help CISOs proactively manage risks within the ever-changing cybersecurity ecosystem.”

A primary cause of these risks was found to be complex, misaligned organizations with a lack of security connectivity, scalability and agility, and too few qualified people to manage security systems.