It reads like an advertisement for computer security firms - or a condemnation of their products.

A global survey of IT professionals, published today, shows computer hackers and viruses attacked 92% of British businesses over the last year - despite increased spending to stop the problem.

UK magazine Computing and its sister titles surveyed 7,000 technology and security professionals in 40 countries for a global information security survey.

Researchers found many businesses were not following best practice security advice, but that most intended to spend more money in an effort to combat the problem.

Across Europe, the survey showed that 57% of businesses planned to spend more on computer security this year, compared with 30% in 2003.

However, Computing reported, one third of UK companies did not include email usage guidelines in their security policies, while only 44% included details about appropriate web use. Just 40% provided security awareness training.

Security was not just a case of explaining to employees why they should not open dubious-looking email attachments. The survey found that flaws in operating system software were the most common reason for virus and worm attacks.

Perhaps unsurprisingly, researchers discovered a certain amount of anger that software makers did not take legal and financial responsibility when a flaw in their products resulted in a security breach.

"Vendors' products aren't secure enough," Peter Pedersen, the chief technology officer at interactive betting firm Blue Square, told the magazine. "It's very rare that users can claim for any losses incurred. Users are just left to accept software at face value and, if it doesn't do the job, then it's tough."

Patching has become a particular concern for businesses, because no IT department wants to be caught out by failing to fix a hole that a software provider has already warned about.

Often, a software company discovers a hole in its product, posts a fix for it, and then, weeks later, a virus exploiting that flaw infects thousands of users.

This happened with the Code Red worm, which exploited a glitch in Microsoft's IIS software, and the SQL Slammer worm, which took advantage of a hole in the Microsoft SQL 2000 server.

"Every business needs to be clear that viruses and hacking are now a fact of life," Computing editor Michael Gubbins said.

"All business policies need to understand the nature of those threats. We believe government and industry bodies could play a big role in making everyone aware of the dangers and best practice intervention."