Information technology professionals may worry a lot about cloud security, but a new survey indicates they’re doing little about it.

The survey of more than 3,000 IT professionals by cloud access security broker Bitglass Inc. found that only 24 percent of organizations routinely monitor software-as-a-service and infrastructure-as-a-service accounts. That’s despite the fact that 87 percent said they were victims of a cyber attack last year and nearly a third said they were at attacked more than five times. The latter figure is twice the percentage of organizations that reported five or more attacks in the same survey three years ago.

The survey results were released one week after the most recent IBM X-Force Threat Intelligence Index reported that the number of records compromised globally in 2016 grew nearly sevenfold, to 4 billion from 600 million a year earlier.

When it comes to security, IT organizations focus on what they know best. Sixty percent of respondents said they do a good job of protecting desktops, laptops and the network perimeter. However, only 36 percent monitor mobile devices. It’s not that they aren’t aware of the need, though. Asked to rate their ability to defend various areas of their infrastructure against cyber threats, respondents rated mobile devices last. Overall, they felt most confident in their ability to protect servers, data stores and the network perimeter.

Security budgets appear to be on the way up, with more than half of respondents saying they plan to increase security spending and only 8 percent planning to spend less. One-third of organizations rated IaaS security as their top priority, followed closely by SaaS security at 31 percent. Top security concerns are phishing (rated number one by 37 percent of respondents), followed closely by insider threats and malware.

The survey offers some heartening news on the ransomware front. More than 54 percent of respondents said they have managed to recover data following an attack without paying a ransom.

The Bitglass survey found that 62 percent of cloud-using organizations say improved threat detection is the most critical way to deflect attacks. Among organizations that have adopted the cloud, 72 percent want better data encryption, 60 percent desire traffic encryption and 56 percent plan to improve access controls. The top cloud-specific concerns are data leakage (cited by 57 percent), data privacy (49 percent), confidentiality (47 percent) and compliance (36 percent).

Image: Bitglass