As journalism becomes an increasingly digital practice, the data and communications of investigative journalists have become vulnerable to hackers, government surveillance and legal threats. But what are these vulnerabilities – and what steps have investigative journalists taken to protect themselves?

Here are five takeaways based on a new Pew Research Center survey of 671 members of Investigative Reporters and Editors (IRE), a nonprofit member organization for journalists:

1Journalists, Government Data CollectionAbout two-thirds (64%) believe that the U.S. government probably has collected data about their own phone calls, emails or online communications. This perception is especially prevalent among IRE journalists who cover national security, foreign affairs or the federal government. Fully 71% of this group say the government has likely collected this data. And eight-in-ten of all journalists surveyed express the belief that being a journalist increases the likelihood that their data will be collected by the U.S. government.

2Journalists, ISPs, Data ProtectionThese investigative journalists do not put much stock in their internet service providers to keep their data secure. Just 2% have “a lot of confidence” their ISP can protect their data from being accessed by unauthorized parties, while 71% have “not much or no confidence at all.”

Nine-in-ten believe their ISP would share their data with the U.S. government as part of National Security Agency data gathering, while 97% believe their ISP would share their data if subpoenaed by the government.

3Journalists, News Organizations, Protecting SourcesNews organizations get mixed reviews for their ability to protect the security of their employees’ communications. Among those who work for news organizations (589 of the 671 investigative journalists surveyed), half say their employer is not doing enough to protect journalists and their sources from surveillance and hacking, while about the same share (47%) says they are doing enough.

Just 21% say their organization has taken steps or implemented policies in the past year to protect journalists and their sources. Overall, fewer than half (41%) of IRE journalists have received training or instruction from outside sources about ways to protect themselves and their sources. And only about a quarter (26%) say they have spent at least some time researching what they can do personally to secure their communications.

4Journalists have changed some of their practices in their pursuit of stories and in dealing with sources. Nearly half (49%) say they have at least somewhat changed the way they store or share sensitive documents in the past year, and 29% say the same about the way they communicate with other reporters, editors or producers.

5There are areas where concerns about digital security have had less impact on journalists’ practices. Just 13% say concerns about surveillance and hacking have led them to not reach out to a particular source in the past year, and even fewer say concerns have led them to not pursue a particular story (3%) or to consider leaving investigative journalism (2%). Among reporters, less than a quarter currently use techniques such as turning off electronic devices when meeting sources (18%), avoiding the use of third-party email servers when communicating with sources (17%), or using “fake” or anonymous email and online accounts (14%).

Michael Barthel  is a former senior researcher focusing on journalism research at Pew Research Center.