There’s a clear lack of accountability, especially on the board and among C-suite executives, and a lack of confidence in determining the efficacy of security technologies.

AttackIQ and Ponemon Institute surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ IT security strategy, tactics, and technology investments.

“Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it sends the message that cybersecurity is not a mission critical issue,” said Larry Ponemon, chairman of Ponemon Institute.