British businesses are winning the battle against malicious hackers and computer criminals, research suggests.
Hacker Gary McKinnon will give a speech at the InfoSec show
In 2005, 62% of UK firms suffered security incidents compared to 74% in 2004, the government-backed Information Security Breaches survey reveals.
It shows that, since the last survey, spending by British companies on security has grown significantly.
It found small firms were most at risk as they can struggle to find expertise to avoid security breaches.
Chris Potter, the PricewaterhouseCoopers partner who led the survey for the Department of Trade and Industry, said the types of security incidents catching firms out had changed significantly over the last few years.
Incidents covered by the survey involve virus infections, successful hack attacks, staff misusing the net and accidental loss of data.
In the 2004 survey, viruses were catching out a lot of companies, said Mr Potter.
"What we are seeing in 2006 is that virus infections have dropped by one third," he said.
In 2004, 50% of companies were infected by a virus. But in 2006, only 35% fell victim.
The percentage of firms suffering other types of security incidents had stayed broadly static, said Mr Potter.
"In 2002 and 2004 the news was pretty gloomy throughout," he said. "But in 2006 there's some cause for optimism."
Part of the explanation for this comes from the increased amounts that companies are spending on security.
Spending on security now takes up 4-5% of technology budgets, compared to 3% in 2004, said Mr Potter.
Despite the success against many of the most common types of security problems, many UK firms are still leaving themselves unnecessarily vulnerable to attack.
"In some senses it's a tale of two cities," said Mr Potter.
For every company that spends a lot on security and analyses how vulnerable it is to common attacks, there is another that does not.
With virus writers mounting stealthy attacks aimed at gathering information they can sell or use to steal money, this reluctance to look out for dangers can be very costly.
The survey found that small businesses were most likely to neglect security because they did not have the time, cash or experts on hand to help.
For small businesses, the average number of security incidents they suffer has grown by 50% since the last survey.
On average small firms suffer eight incidents a year. Each one costs about £12,000 to clear up.
The biennial Information Security Breaches survey is being launched at the InfoSec computer security conference in London, which runs from 25 to 27 April.