Three quarters of firms have been the victim of a cyber attack in the last year, says Symantec.

According to the security vendor's '2010 State of Enterprise Security' report, these attacks cost each organisation an average of $2 million a year.

Two in five businesses rated protecting themselves against cyber crime as a priority over natural disasters, terrorism and traditional crime, while 94 percent admitted they planned to make changes to IT security this year.

Symantec said 36 percent of organisations that have experienced a cyber attack admitted the attack was highly effective. Furthermore, 29 percent said the number of attacks have increased over the last year.

The research also also revealed that businesses said IT security was becoming more difficult due to understaffing, new initiatives that prove difficult to secure, such as cloud-based projects, and staff compliance.

"Protecting information today is more challenging than ever," said Francis deSouza, senior vice president of enterprise security at Symantec.

Symantec recommends organisations protect their IT infrastructure by securing endpoints, messaging and web environments while also developing and enforcing IT policies.

"By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information-driven world."