According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared. Published for this year’s Black Hat event in Las Vegas, a report titled “Portrait of an Imminent Cyberthreat,” portrays a dark picture of tomorrow’s cyber defenses. “In essence, the survey is a warning from the industry’s most experienced and responsible IT security professionals that successful cyber attacks on essential infrastructure and business could be imminent, but defenders do not have the resources and training they need to efficiently respond.”

Other findings from the survey include:

— 60% of respondents believe that a successful cyber attack on US critical infrastructure will occur in the next two years. Only 26% are confident that U.S. government and defense forces are equipped and trained to respond appropriately.

— 69% of IT security professionals believe that state-sponsored hacking from countries such as Russia and China has made US enterprise data less secure.

— Only 26% of information security pros believe that the new White House administration will have a positive impact on cybersecurity policy, regulation, and law enforcement over the next four years.

— About two-thirds of respondents think it’s likely that their own organizations will have to respond to a major security breach in the next 12 months. Sixty-nine percent say they don’t have enough staff to meet the threat; 58% believe they don’t have adequate budgets.

— IT security professionals’ greatest concerns are around phishing and social engineering (50%) and sophisticated attacks targeted directly at their own organizations (45%).

— The increased use of ransomware remains the most serious new threat faced by cybersecurity professionals, cited by 36% of respondents.