Half of retailers in the United States have experienced a data breach at some point and a vast majority believe they are vulnerable to hacking threats, according to a new survey.

The data showing the fears of retail comes as part of the 2017 Thales Data Threat Report, Retail Edition conducted by 451 Research. The survey included more than 1,100 senior security executives at global retail firms.

Read: Target Settlement: Company Will Pay $18.5M For Credit Card Data Breach

The fear that many retailers have about potential threats to sensitive data—88 percent consider themselves to be vulnerable—appears not to have much effect in slowing reliance on that valuable information. Ninety-five percent of U.S. retailers surveyed said they would use sensitive data this year.

Consumers may take issue with this given the lack of confidence held by the retailers themselves in their ability to secure that data. More than half of respondents said they believe sensitive data is being used without proper security in place.

One in five businesses in the U.S. reported feeling “very” or “extremely” vulnerable to a hack, meaning the sensitive information those companies rely on could at some point be compromised. And once a firm is hit, it’s not immune to further attacks. Eleven percent of companies breached in the last year experienced another breach prior to that.

It’s not all bad news for firms in the U.S., though: the breach rate in the last year for retailers operating in the country is significantly lower than it is globally. Just 19 percent of American firms have been hit over the last year—a drop from 22 percent the year prior—compared to 43 percent globally.

Read: HospitalGown Database Leak: Enterprise Apps Found Leaking Data On Back End Servers

One reason for the improved performance of U.S. firms may be the increase in IT security spending. More than three-quarters of survey respondents, 77 percent, said they increased investment in their cyber defenses.

There is some concern that those investments are being made in the wrong areas, though. Nearly nine in 10 of all companies said network security is “very” or “extremely” effective at protecting data from breaches, which would protect the company’s network but could still leave data exposed when stored in the cloud.

Structure Security Newsweek is hosting a Structure Security event Sept. 26-27 in San Francisco. Photo: Newsweek Media Group

“These distressing breach rates serve as stark proof that data on any system can be attacked and compromised,” Garrett Bekker, principal analyst for information security at 451 Research said in a statement. “Unfortunately, organizations keep spending on the same security solutions that worked for them in the past, but aren’t necessarily the most effective at stopping modern breaches.”

It’s understandable why retailers would be on edge about attacks given the rash of hacks that hit major companies in recent years. Earlier this year, Target agreed to pay $18.5 million as part of a settlement over a 2013 data breach that exposed customer credit card information, proving that failing to provide proper defenses can cause more damage and expense for companies in the long run.

While retailers ramp up their defenses against cyberattacks and fear for the worst, they have actually improved their lot in recent years compared to other sectors. Twenty percent of healthcare firms, 24 percent of financial services, and 34 percent of federal government agencies reported data breaches in the last year—all higher than the 19 percent of retail incidents.