A Kaspersky Lab and B2B International survey of worldwide IT professionals has found that 94 percent of organizations had encountered at least one cybersecurity incident within the past 12 months.

The number of attacks that were targeted to an organization rose substantially year-over-year, with 12 percent of respondents indicating that they experienced at least one targeted attack in the past year, compared with 9 percent in Kaspersky Lab's 2012 and 2013 studies.

Targeted attacks have the potential to be the most crippling to an organization. Damages from one successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses.

This takes into account both the losses connected directly to the targeted attack and the expenses a company incurs after the incident, including the loss of business opportunities (tarnished reputation, breach of contracts resulting from the incident, etc.), investment in services and solutions to prevent additional incidents, and extra security training for both IT staff and company employees.

While the threat of a targeted attack is prevalent for both enterprises and small businesses, the survey found that large companies in particular see targeted attacks as a major threat; 38 percent of companies with 1,500 to 5,000 employees, and 39 percent of companies with more than 50,000 employees naming targeted attacks as their number one concern.

Midsize and small businesses were only moderately less concerned with 34 percent of the respondents naming protection against targeted attacks as a key priority.

The survey also found that organizations both large and small are worried about losing sensitive company data to a targeted attack. More than one-third (34 percent) of companies named the protection of confidential data (client data, financial data, and other kinds of information) against targeted attacks as a key problem for IT management teams.

Kaspersky Lab Managing Director for North America Chris Doggett said that companies need to be more aggressive in responding to threats:

The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization. However, we are seeing that the number of companies that are actually taking that knowledge and turning it into an action to protect their organization from such attacks is still alarmingly low. With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack.