Many New Zealand and Australia companies have spent an average of $2 million per year fighting cyber attacks, according to a recent study.
Symantec Corp, a computer security company, released its 2010 State of Enterprise Security Study today that showed 89 percent of companies surveyed in both countries experienced cyber attacks in the past 12 months.
Symantec surveyed over 2000 enterprises from 27 countries in January this year -- 125 from Australia and 75 from New Zealand.
The study found 43 percent of business in both countries and 42 percent globally "rate security their top issue".
Vice-president and managing director for the Pacific region Craig Scroggie said the results reinforced that organisations were concerned about security.
Companies reported losses of corporate data, costumer information theft, and identify theft.
"It's not only the financial impact to consider then, but the damage to brand and reputation," Mr Scroggie said. "Consumers lose confidence in organisations, they lose confidence in the brand when anything to do with their personal information may be exposed.
"That's why organisations continue to focus on that security posture. Most importantly 92 percent of the survey respondents in Australia and New Zealand said they expect their security budgets to be somewhat, or significantly, larger over the next 12 months."
All the companies surveyed in both countries said they forecast changes to better manage business risk of information technology (IT), with more than half predicting major changes.
The study stated company security departments were understaffed, and companies were embarking on new initiatives that made providing security more difficult.
Symantec recommended companies protect their infrastructure by securing messaging and web environments, for example.
"Defending critical internal servers and implementing the ability to back up and recover data should be priorities," the report said. "Organisations also need the visibility and security intelligence to respond to threats rapidly."
IT administrators needed to be more pro-active as well by "taking a content-aware approach to protecting information".
Symantec suggested companies enforce IT policies, "by prioritising risks and defining policies that span across all locations.
"Customers can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen."