Ninety-four per cent of large firms experienced security incidents (91 per cent malicious) in 2003, according to the Department of Trade and Industry Information Security Breaches Survey 2004.
"Organisations seemed to lack the expertise to face the threats and in many cases they are not spending enough," said Chris Potter, information security assurance partner for PricewaterhouseCooper, a firm that led the research.
The report showed that virus attacks and inappropriate use of systems accounted for most incidents. On top of which, only 12 per cent of respondents were aware of BS7799, and one in ten firms had staff with IT security qualifications.
The DTI interviewed 1000 people by telephone.