Attendees of last year's Black Hat security conference cite IoT security as a crucial issue. It's just not a crucial issue now.

Only 9 percent of them consider IoT security a concern for this year, according to a survey Black Hat published today. But they expect IoT to be their No. 1 issue two years from now.

Last year's survey — the first one Black Hat ever conducted, with 460 respondents — had a similar result, with only 7 percent citing IoT as a top current concern.

Some of the difference comes from the fact that enterprise IoT is still new. Enterprises have certainly networked things such as printers, but it seems IT managers expect a bigger IoT implementation to come in the next couple of years.

To be specific, the survey listed a couple dozen potential problems and asked which ones will be top concerns in two years. "Digital attacks on non-computer devices and systems — the Internet of Things" was the top response, cited by 28 percent of the 250 respondents.

Interestingly, the 2015 survey also had IoT at the top of this list, but with 36 percent of the vote. It's as if the amount of worry in the IT industry is being spread out among more potential problems.

If IoT isn't keeping executives up at night, what is? The top concern, both this year and last, was "sophisticated attacks targeted directly at the organization," with 33 percent of the vote this year and 44 percent last year. Given the number of high-profile security breaches in the past couple of years, this isn't surprising.

The second biggest concern was the need to stay in compliance with industry regulations. That one was chosen by 28 percent of respondents. It apparently wasn't one of the choices on the 2015 survey.

Regarding the overall need for security, 25 percent of respondents said it's "highly likely" that their companies will have to respond to major breaches in the next 12 months. Another 15 percent said they have no doubt this will happen.

But consider — the survey consisted entirely of Black Hat attendees. Their security awareness is probably higher than usual, and they go to conferences where they're repeatedly told what a scary, cruel world it is out there. They certainly might be right about the likelihood of a breach, but it's hardly surprising to hear they think this way.