In its Information Security Breaches Survey, unveiled at the Infosecurity 2004 show, the DTI found businesses more vulnerable than during the last survey in 2002.

The research found that large companies are attacked at least once a week, with the average company receiving one attack every month.

Larger companies are also getting a virus attack once a month. Three-quarters of all those surveyed - and 94% of large firms - had a security incident in the last year.

Speaking at the launch Stephen Timms, minister of state for e-commerce, described the research as an important wake-up call. 'The survey is a call to action; the stakes are high,' he said.

'This survey shows the scale of the effort business needs to make. The costs will only increase until companies follow best practice. Until now it could be thought that information problems were something that happened to other people.'

Timms praised firms for adopting the internet so wholeheartedly, but said that it placed new stresses on them, from handling new viruses to basic server management. And he stressed IT security's direct effect on a company's bottom line.

But despite some businesses taking the problem seriously, under-investment and ignorance continues.

'Security expenditure is increasing, and that is an improvement,' said Chris Potter, the partner at PricewaterhouseCoopers who carried out the survey of 1,000 companies.

'But those rosy-looking numbers mask a problem. Roughly a quarter of the companies we surveyed are investing above what you would expect. However, the majority are not spending enough - not even one per cent of turnover.'

There is also a skills gap hitting the industry, with only 10% of companies having any staff with formal IT qualifications.

And there was bad news for the government as only 12% of respondents had heard of BS7799, the international standard on information security.

Overall, business is pessimistic about the future: just 15% of firms believe the security situation will improve next year.