Despite improvements in cybersecurity efforts, IT security professionals still struggle to protect their organizations from breaches, according to a Tuesday report from McAfee. Some 61% of IT security pros said they have experienced a serious data breach at their current employer. These breaches are becoming a more serious issue, as hackers increasingly target intellectual property, putting a company’s reputation and finances at risk, the report noted.

Cybercriminals are using a wider variety of methods to steal corporate data, the report found. The top vectors used to do this today are database leaks (38%), network traffic (37%), file shares (36%), and corporate email (36%).

SEE: You’ve been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)

When a breach does occur, IT teams are often blamed, as 52% of respondents said IT was at fault for creating the most data leakage events, the report found. However, a rift exists in terms of cybersecurity accountability: 55% of IT professionals said they believed that C-level executives should lose their jobs if a breach is serious enough, yet 61% also said that C-level executives they work with expect more lenient security policies for themselves, the report found. This disparity in expectations results in more breaches 65% of the time, IT professionals reported.

“Threats have evolved and will continue to become even more sophisticated,” Candace Worley, vice president and chief technical strategist at McAfee, said in a press release. “Organizations need to augment security measures by implementing a culture of security and emphasizing that all employees are part of an organization’s security posture, not just the IT team. To stay ahead of threats, it is critical companies provide a holistic approach to improving security process by not only utilizing an integrated security solution but also practicing good security hygiene.”

A strong cybersecurity strategy that can reduce the risk of a breach must include a combination of software solutions, employee training, and a security-focused culture, according to the report.

For more on how to create a cybersecurity strategy, check out TechRepublic’s Special report: A winning strategy for cybersecurity.