The Confederation of British Industry (CBI) has warned that small and medium-sized businesses are leaving themselves open to electronic attack through lack of planning, putting themselves and the rest of the supply chain in danger.

Medium-sized firms came out particularly badly in the CBI's survey: while 60 percent of them engage with partners and clients online, more than half of these firms don't plan to put any security measures in place, the CBI said.

Smaller firms are more likely to pay attention to security, but pose less of a threat in the first place, since they aren't as likely to integrate their systems with other companies.

Ever-tighter supply-chain integration means such security problems are increasingly likely to affect partners and customers, according to Ernst & Young, which is supporting the publication of the report, Securing Value in the Online World.

"One weak link in a supply chain can bring down all the other members," said Ernst & Young's Antony Smyth, in a statement.

UK companies of all sizes have a serious problem with online crime, as confirmed by a National High-Tech Crime Unit (NHCTU) report in April. The report found that companies lost an estimated £2.45 billion in 2004 through electronic crime, with 178 out of 200 companies surveyed experiencing high-tech crime of some sort.

Of the companies affected, 90 percent said attackers had broken into their systems, and 89 percent said data had been stolen. Nine percent had been hit by financial fraud, at a cost of £68 million, while 97 percent had been affected by virus attacks.

Recognising that cybercriminals are becoming increasingly professional and organised, in April the government will fold the NHTCU into a new body called the Serious Organised Crime Agency (SOCA). SOCA will also include the National Criminal Intelligence Service and the investigative branches of the Customs and Immigration Service, and will have around 5,000 agents.

The UK's principal anti-cybercrime law, the Computer Misuse Act, has been criticised as lacking the necessary powers to put up an adequate fight against online crime. Critics include the All-Party Internet Group, and Microsoft UK's chief security advisor, Ed Gibson, added his voice to the critics at the launch of the CBI's latest report.

Gibson said the government isn't providing clear-cut ways for businesses to report cybercrime, with the result that existing online crime statistics are next to useless.