Attacks like Petya and NotPetya suggest that the impact scale is increasing dramatically. The recent leak of government-developed malware and hoarded vulnerabilities has given cybercriminals greater capabilities. IT is struggling to keep pace with the flow of important security software patches and updates, and the continued adoption of new technologies like the internet of things (IoT) creates new vulnerabilities to contend with.

All this has driven many companies to do some soul searching about how they address cybercrime threats, according to a new survey from CSO. Its results provide insight into not only the nature and scope of the threats that U.S. businesses face, but exactly how those businesses are responding.

The 2017 U.S. State of Cybercrime survey is conducted annually by CSO in partnership with the US Secret Service and CERT at the Software Engineering Institute at Carnegie Mellon University. This year's survey is sponsored by Forcepoint. Of the 510 respondents, 70 percent were at the vice president level or higher across all industries and the public sector, including the 35 percent in corporate management. The average IT security budget of the companies represented is $11 million.