More than 70 per cent of FTSE 250 firms are spending less than 10 per cent of their IT budgets on security, according to an independent survey commissioned by security software firm Prevx.

Some 37 per cent of the 200 chief information and technology officers questioned said this is inadequate, and cited budget constraints and boardroom apathy as the biggest hindrances.

A quarter of IT chiefs said company board directors do not adequately understand the risks a security breach can have on their organisation. FTSE 250 leisure firms are the most vulnerable to internet attacks, according to the FTSE 250 cyber-threat risk index.

'There are clear gaps in the IT security strategies of FTSE 250 companies,' said Nick Ray, chief executive of Prevx. 'Cyber-attacks not only compromise private company data but also lead to unprecedented downtime, which can be extremely costly.'

Growing laptop usage and mobile working is the biggest concern among IT departments, yet almost half of respondents admit to having insufficient spyware detection and firewalls installed on portable devices, the report says.

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.