Cyberattacks on businesses are becoming more frequent and more expensive. In 2019 more than half (53 percent) of firms reported experiencing at least one attack — an increase over the year before, during which 38 percent of companies fell victim. What’s especially alarming was the average cost of a cyber incident for U.S. companies: $119,000, as reported by Bloomberg.

Many people are left scratching their heads upon hearing this, likely wondering why the advent of more advanced security technology isn’t causing these figures to drop. The problem is hackers also have access to increasingly advanced tech, while companies have ever larger networks to defend.

Here are four more reasons why hackers keep succeeding at enterprise data breaches, underscoring how important it is for businesses of all sizes to take these threats seriously and do everything they can to prevent them from finding their marks.

Reason #1: Lack of Cybersecurity Investment Up Top

Oftentimes the IT specialists working directly with cybersecurity systems and the leaders approving enterprise budgets are different. As a result, a gulf may form between them, making it difficult for IT teams to secure the funding they believe is necessary to adequately mitigate cyberattacks.

The C-suite may ask for a highly specific return on investment (ROI) justification, which is often difficult to provide ahead of an attack. Business leaders may want a set-in-stone guarantee — if they devote X dollars to cybersecurity, there’ll be a zero-percent chance of a breach. Or, as Security Magazine outlines, cybersecurity may become merely a line item on a much broader IT budget — meaning it’s underfunded. Alignment of IT and business teams is a must.

Reason #2: Attack Surfaces Keep Growing

In the past, IT teams could focus primarily on securing servers and devices on-premises. But now, thanks to the rapid adoption of cloud applications and the proliferation of new devices accessing the network remotely, the challenge looms larger.

Companies must secure their legitimate assets; the devices and servers under their direct control, even while also accounting for Shadow IT — devices and software utilized by employees and partners outside the scope of traditional IT, often without express permission.

There are absolute advantages when users can employ flexible devices and programs on their own terms from afar, but this means IT is trying to safeguard an ever-growing attack surface.

Reason #3: Disparate Security Solutions May Leave Gaps

Cybersecurity often feels like it grows as it goes. Companies patch together some combination of security solutions — whether they manage IT in the house or outsource it to one or more vendors. Problems arise when disparate security solutions leave gaps enterprising hackers can exploit to gain entrance and lurk undetected for weeks or even months.

As Cyber Defense Magazine writes, “the more the merrier” is not an effective line of thinking when it comes to cybersecurity. Having multiple security vendors tends to lead to overcomplication. A better, more streamlined approach is to choose a single vendor offering multiple vulnerability management tools under a unified umbrella.

Reason #4: Users Inadvertently Make Networks Vulnerable

Last but certainly not least, companies may underestimate the need for cybersecurity training and awareness for all users. Employees may inadvertently usher hackers into the network by setting weak passwords, downloading malware or engaging with spear-phishing campaigns.

It’s the responsibility of enterprises and cybersecurity experts to ensure all users have the software they need to filter out a majority of attempted attacks, as well as the training they need to avoid risky behaviors.

Hackers will keep succeeding at enterprise data breaches, but businesses can shore up their networks by increasing employee awareness, consolidating security efforts, keeping tabs on shadow IT and investing in the cybersecurity systems needed to mitigate risk.