Half of UK businesses were damaged by computer viruses in 2003, despite most of them using anti-virus software.
Viruses are causing big business big problems
The findings were revealed in early results of a UK government survey that catalogues security breaches suffered by British businesses.
It revealed the new tactics virus writers use to spread their creations.
"Anti-virus software alone is just not enough anymore," said Chris Potter, a PricewaterhouseCoopers security analyst who co-wrote the survey.
The survey, funded by the Department of Trade and Industry, found that 93% of UK businesses, and 99% of large businesses, use anti-virus software to spot and stop malicious programs.
Almost 60% of firms update this protection software automatically to keep current with new threats.
But despite this blanket use of security measures, half of firms, and 68% of large companies, were caught out by viruses during 2003.
Some lost data, others suffered downtime or had their business disrupted by these pernicious programs.
Mr Potter said the main culprit was the Blaster worm that caused 38% of all the disruption businesses suffered.
The actual disruption caused varied from a few hours of downtime on one day to weeks of work to clean up compromised machines and stamp out the infection.
The good news, said Mr Potter, was that many of the most successful viruses of the last 12 months have not deleted files or wiped hard disks.
The disruption caused by viruses could have been much greater if virus writers were bent on doing damage, he said.
He said the speed with which worms like Blaster and Slammer can spread and the fact that they do not travel via e-mail meant that companies had to change the way that they protected themselves.
Firms had to be sure that systems were kept updated to block loopholes that worms exploit, he said.
The time that firms have to react when a vulnerability becomes known is also shrinking.
Research by security firm Qualys has established that 80% of vulnerabilities are exploited within 60 days of being discovered.
Qualys maintains a hit list of the most popular vulnerabilities to help firms work out which ones they should patch first.
The Information Security Breaches survey is carried out by the Department of Trade and Industry every two years.
The full results of the survey will be made public in late April at the Infosecurity Europe trade show.