Data security breaches can negatively impact an entire organization—including sales, marketing and IT—and have a significant negative impact on company finances and shareholder value, but a new survey from security company Centrify found that 66 percent of IT practitioners don’t believe the company’s brand is their responsibility.

The study found that the among 113 companies, data breaches resulted in 7% customer churn, while 31% of consumers impacted by a breach said they discontinued their relationship with an organization that experienced a data breach.

“Data breaches are very real business and bottom line concerns,” said Tom Kemp, CEO of Centrify. “The fallout can be significant and may even be a reason to relieve the C-Suite of its duties. Security isn’t just about protecting data, it’s about protecting the business. It is no longer just an IT problem—it must be elevated to the C-suite and boardroom because it requires a holistic and strategic approach to protecting the whole organization.”

The Impact of a Data Breach on Reputation and Share Value study, conducted by Ponemon Institute, surveyed 448 individuals in IT operations and information security, 334 senior level marketers and corporate communication professionals and 549 consumers.

More than half (56%) of IT practitioners are not confident they have the ability to prevent, detect and resolve the consequences of a data breach and more than half fear a breach will cost them their job. By contrast, 63 percent of CMOs are far more optimistic their company would quickly recover from a serious breach.

But only 20 percent of CMOs and 5 percent of IT practitioners say they would be concerned about a decline in their companies’ stock price.

The survey also found a disconcerting gap between consumer expectations and corporate perspective when it comes to the protection of customers’ personal information. So while 80% of consumers believe organizations have an obligation to take reasonable steps to secure their personal information. However, only 65% of CMOs and 64% of IT professionals agree.

And while 70% of consumers believe organizations have an obligation to control access to their information, less than half of CMOs and IT security practitioners believe this is an obligation.