Hackers were cited as the source of 61 percent of the attacks, followed by e-mail at 27 percent. Attacks by unauthorized users and employees, former employees, and competitors, however, accounted for more than 1 out of every 10 attacks.
Of those companies which admitted to a security breach, 83 percent reported at least some monetary loss -- ranging from network downtime and lost or damaged customer records to direct financial losses and identity theft. Downtime averaged 1.33 days per employee over the past 12 months.
"The price of being unprepared or under-prepared amounted to a loss of hard dollars for eight in ten companies surveyed, and the lost time equivalent of more than an extra vacation or sick day for each and every employee in a penetrated company," said Lobel.
But the wave of problems hasn't meant hard-charging companies are spending more on security. On average, the polled CEOs said that their organizations were spending 1.9 percent of their operating budget on information security this year, only a slight increase from the 1.8 percent that they spent in 2002.
"Unless more attention is given to information security budgets and priorities, many of these fast growth companies could be placing themselves at risk," said Lobel.