It's not distributed denial of service or malware threats that banks are most concerned about when it comes to security, but spam, according to a survey released this week.

The SAS-sponsored survey queried 250 bank executives around the world about cyber risks — 40% in the U.S., 21% in Europe and 20% in Latin America. Nearly half (42%) were in IT, the rest in finance and general management.

A vast majority of the bankers (79.6%) reported that they'd been targets of spam — which is natural considering how prevalent spam is. Half (50.4%) said they'd been victims of phishing, 48.8% said they'd been spimmed (spammed via instant messaging), 42.4% reported smishing.

Malware attacks were cited by a mere third (36.4%) of the bankers, mobile malware by 35.2%. Only 9.6% said they'd been hacked and 8.8% said they'd been hit with distributed denial of service attacks.

In all cases, the actual rate of incidents may be far higher than the bankers know.

The surveyed bankers expressed some frustration with their current security technology: 39% said technology limitations are a primary challenge for their organization in dealing with cybersecurity; 38% said keeping up with rapidly changing cyberrisks was a major problem.

Almost all have a heightened sense of alarm about cybersecurity: More than three-quarters of the bankers (82%) think financial losses from cyberattacks is increasing at an unacceptable rate.