Virus infections accounted for roughly half of the worst security incidents in the past two years, and two-fifths of these had a serious impact on the affected business.
Conducted by a group led by PricewaterhouseCoopers (PwC), the survey found that virus infections were more likely to have caused service interruption than other incidents, while around a quarter of companies reported a virus as their worst incident of major disruption.
PwC partner Chris Potter said it was very encouraging to see the progress that UK companies have made in installing anti-virus software and patching their systems.
"However, there's a danger of fighting yesterday's battle. Past viruses were designed to cause large amounts of indiscriminate damage, usually by taking down networks.
"Today's viruses are more insidious, hiding on infected machines, gathering information and targeting their strikes at valuable data. Cybercriminals now use virus infections to get in under the radar of businesses and steal confidential data," he said.
Ed Rowley, a technical consultant at messaging security firm CipherTrust, said the challenge facing organisations today is the increase in spyware, with 25 per cent of the companies surveyed having no defence against this form of attack.
"Businesses need to move with the times and make sure they are protecting themselves from today's and tomorrow's threats," he said.
"Zombies are the biggest threat in 2006. It is both cause and symptom of today's virus problem. Machines infected by zombies are the cause of the spam overload and help propagate phishing attacks, as well as helping to spread the original virus with which they were infected.
"In the past six months, zombies have increased by 50 per cent and have reached a record high of 250,000 new infections each day."
Other experts said the report highlighted the need for multi-layered defences.
"There are many more vulnerabilities that need to be protected against," said Neal Lillywhite, country manager for UK and Ireland at Crossbeam Systems. "Businesses must deploy the necessary security appliances to protect critical networks and sensitive data from breaches," he said.