Seventy-seven percent of C-level executives in a 115-person survey conducted in the U.K. say their organization has experienced a data breach at some point and all of them report attacks targeting corporate data in the past 12 months.

These findings come from a study released on Wednesday by IBM, a company that sells data protection services, and The Ponemon Institute, a privacy and information management research organization.

Larry Ponemon, founder of the group that bears his name, said that survey shows a shift in the way C-level executives think about security software. Investing in data protection, he said, is now seen as less expensive than recovering from a data breach.

Data protection initiatives on average, according to the survey, result in a cost savings or revenue improvement of £11 million ($16 million) for organizations.

Perhaps more surprising than the revelation that security matters is the finding that while 75% of respondents see the CIO as the person responsible for data protection, 82% of respondents believe that the failure to stop a data breach would not result in the firing of the CIO.

This suggests either that respondents' beliefs about responsibility are misplaced or that few believe anyone can orchestrate a completely successful defense against cyber attacks, making firing for an inevitable outcome pointless.

As it turns out, the latter interpretation seems to be supported by the study: Over 27% of the respondents doubted that their organizations could avoid a data breach in the next 12 months.

CEOs appear to be more confident than the broader set of executives questioned, with only 10% expressing doubt about avoiding a data breach.

On a related note, CEOs appear to be less well-informed than other executives about the prevalence of online attacks.

"[O]nly 18% of CEOs believe attacks on data happen hourly or even more frequently, while 34% of other C-level executives believe this to be true," the study says.