Global report shows IT security is reaching top of the agenda in many companies

The average cost of these attacks works out to be around $2m but, despite the costs involved, respondents said they are finding it difficult to counter the problem owing to understaffing.

The study – which is based on surveys of 2100 enterprise CIOs, CISOs and IT managers from 27 countries carried out in January – shows that the average enterprise deploys around 120 employees to security and IT compliance issues.

So, Infosecurity asked Mike Jones, one of the researchers on the Symantec survey, is the enterprise security landscape changing from where it was a few years ago?

The answer, he said, is a definite yes: the results of the study confirm the anecdotal evidence that senior management is at last recognising IT security as a serious issue.

"Many of the companies we encounter are saying – I have spent big money on multiple security solutions over the years, but I still can't sleep soundly in my bed at night", he said.

And, says Jones, not all security systems and software are as effective as some people think.

"Some security technology is about slamming the door on the horse's leg as it is bolting, rather than preventing the horse bolting in the first place", he explained.

So what's the solution – more money? we asked.

"Throwing more money at the problem won't always solve it. You have to start spending (your IT security) money smarter. Security has to be smart and the role of the IT managers has to be high profile in most businesses", he said.

According to Jones, the results of the survey made for some interesting reading, not least the fact that the aftermath of security attacks can be expensive to clean up.

Jones' comments are echoed by Francis deSouza, Symantec's senior vice president of enterprise security, who said that protecting information today is more challenging than ever.

"By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information-driven world", he said.

One of the pieces of bad news in the survey is that every enterprise (100%) said they had cyber losses in 2009.

The top three reported losses were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable data.

Interestingly, the study found that these losses translated to monetary costs 92% of the time.

DeSouza said that Abu Dhabi Commercial Bank is a good example of an organisation that has put an effective security strategy into place with an emphasis on addressing issues pro-actively.

"The company has a complete solution set of products and services that provide 24-hour protection, threat monitoring and response, all for a fixed annual cost", he said.

"This approach is more cost-effective than securing a network after it has been compromised", he added.

It's against this backdrop that Symantec recommends that businesses should protect their infrastructure by securing their end points, messaging and web environments.

In addition, the IT security vendor says, defending critical internal servers and implementing the ability to back up and recover data should be priorities.

Organisations also need the visibility and security intelligence to respond to threats rapidly.
