Hacking attacks on UK businesses are falling but the cost of security breaches is rising fast, according to the DTI's Information Security Breaches Survey.

What is claimed to be the biggest ever security survey found that 62 per cent of businesses suffered a security breach last year, compared to 74 per cent in 2004, even though overall attacks have doubled in the past 10 years.

The fall was particularly pronounced among larger companies, which saw attacks fall by 50 per cent.

"This is a cause for concern," said Alun Michael, Minister for Industry and the Regions, speaking at Infosec Europe.

"The well-off will always protect themselves, but this shifts the attacks to more vulnerable targets. It's like the old city states where those inside the walls were safe but the peasants outside felt the heat."

The DTI survey also found that the cost of security breaches has risen sharply and is now costing UK business $10bn a year.

Only 50 per cent of companies had formal security policies that were tested, and two fifths of companies are spending less than one per cent of their IT budgets on security. The average is around four per cent.

"Overall British businesses are more aware than ever of the risk they face from information security breaches in an environment where threats are on the increase," said Chris Potter, the partner from PricewaterhouseCoopers who organised the survey.

"But some seem to believe that they are immune from the dangers and don't even have basic security controls in place.

"This is particularly worrying as we see new technologies emerging that pose threats to UK Plc. Businesses cannot afford to become complacent."

Although viruses are still the main threat, staff are the second biggest problem. Over one in 10 companies reported staff email abuse, and 17 per cent had problems with staff misuse of the internet.

The survey found that three fifths of UK firms are failing to block inappropriate websites, and only one in six are checking emails for inappropriate content.