More studies are confirming that cybersecurity is starting to achieve bigger mind share with leaders. Since last week’s revelation in the WEF Global Risks report that cyberattacks and data breaches had taken fourth and fifth position in the list of global threats, two more reports have confirmed that the threat of cyberattacks is a growing concern.

The Conference Board announced this week that US CEOs are more concerned about cybersecurity than a recession–although that finding didn’t bear out globally. Fortune reports, “Domestic CEOs don’t find heavy economic headwinds their biggest external business worry, according to a new survey by the Conference Board. Instead, it’s cybersecurity followed by new competitors. Risk of a recession is third.”

Worryingly, that same report shows that despite the fact that cybersecurity is at least a top-10 concern globally, complying with regulations to prevent data theft and protect victims was not. “Appearing on the list of internal issues, U.S. CEOs put it at 12, while in Japan and China, CEOs said 13. In Europe, with the sweeping General Data Protection Regulation, or GDPR, CEOs ranked it as the eighth most concerning issue, as did executives in Latin America,” writes Fortune.

Adding to the perspective, Deloitte released the results of their Global Risk Management Survey today, which captured the views of 94 financial institutions across the world, spanning multiple sectors. The report found that most (67%) see cybersecurity as a leading critical concern on the rise. “Sixty-seven percent of respondents named cybersecurity as one of the three risks that would increase the most in importance for their business over the next two years, far more than for any other risk,” says the report.

Unfortunately, that same report found that only about half of the respondents believe their organizations are addressing that risk effectively. That confidence in their organizations’ effectiveness dropped to about a third when asked about managing threats from nation-state actors or third-party providers.

The good news from the Deloitte survey is that governance issues related to cybersecurity are becoming less challenging. Key findings from the report: getting the businesses to understand their role in cybersecurity risk (31 percent, down from 47 percent), setting an effective multi-year cybersecurity risk strategy approved by the board (31 percent, down from 53 percent), and securing ongoing funding/investment (18 percent, down from 38 percent).

While cybersecurity is gaining traction and getting the attention of leaders, there’s more work to be done to actually adopt cybersecurity prevention strategies. This becomes increasingly important as more workloads move to the cloud and data is managed or handled by third-party entities.