The 2016 Black Hat Attendee Survey was published in advance of the 2016 Black Hat Conference. Not surprisingly, the respondents to the survey conveyed an increased concern regarding security breaches versus 2015. An alarming 72% of respondents believe it likely that their organizations will have to deal with a major data breach in the year ahead. Of those, 15% had “no doubt” that they will need to respond to a major security breach, and 25% said it was “very likely” that they will face a major security breach. Startlingly, 74% of respondents said that they did not have enough staff to face the threats they expect to encounter. Even more startling, 67% of respondents stated that they themselves do not have enough training to do their jobs. There is also a significant gap in the vulnerabilities the respondents face, with social engineering, including phishing, and sophisticated attacks targeting the organization being the top two, and where security professionals are spending their time and resources – measuring risk, managing compliance with industry and regulatory requirements and troubleshooting vulnerabilities. The results of the survey paint a picture of organizations that are struggling to protect information and systems, but do not have the resources or guidance to provide the appropriate protections. There are Federal, State, and Municipal rules on fire safety. Every company has a sophisticated fire prevention, response and remediation plan. There are governmental and independent fire agencies. A call to 911 brings prompt and sophisticated help. Insurance companies play a major role in remediation assistance. It is time to treat cyber risk like we treat fire risk.