Three-quarters of UK companies have been hit by security breaches in their computer systems over the past year, costing billions to industry.
Computer security has become a big issue
Viruses, staff misuse and hacking are blamed in the survey by the Department of Trade & Industry (DTI) and accountancy firm PwC.
Most businesses know there is a problem, PwC said, and virus writing gangs are getting more sophisticated.
The average computer incident costs large companies £120,000 a time.
UK businesses are being exposed to ever-greater threats to their information systems as use of the internet and wider connectivity among companies increases, the government-sponsored survey found.
The DTI's Information Security Breaches Survey discovered that 74% of all businesses and 94% of large companies had an IT security incident in the last year, up from 44% of all businesses in 2002 and just 24% in 2000.
The average UK business now has roughly one security incident a month and larger ones suffer around one a week.
The report recommended that companies invest more on security controls and that they make sure key security defences are robust and up to date.
"While awareness of the threats has never been higher, many businesses are still finding their precautions are inadequate," warned PwC's information security partner Chris Potter.
"What this survey shows is that too many companies have waited until an incident hits them before putting counter-measures in place."
Unfortunately, no computer software is immune from criminal attacks, warned software giant Microsoft.
"The security skills gap illustrated in the survey is an important issue," said Stuart Okin, Microsoft Europe's chief security officer.
"There is a need for the industry to work together to minimise risks to information security."
Computer Associates, which helped sponsor the survey, also called for an integrated approach to security threats.
Without this, it said, companies would continue to play into the hands of the hacking community.