The total cost of information security breaches to UK plc fell 35 per cent from some £10bn in 2006 to about £6bn in 2007, according to government-sponsored research.

The drop was thanks to improved security processes in business, says the 2008 Information Security Breaches survey by PricewaterhouseCoopers (PwC) for the Department for Business, Enterprise and Regulatory Reform (BERR).

But many firms are still wary about security as successful attacks are inflicting more and more damage on companies, said Andrew Beard of PwC.

"The seriousness of incidents is as bad as they have ever been - the worst incidents last year were the most expensive we have ever seen," he said.

The rash of new types of phishing that target senior executives - described as "whaling" - means attacks are less frequent but more damaging if succesful.

The survey found that 60 per cent fewer companies reported malware attacks than in the previous year but almost all (96 per cent) of very large companies had some kind of security incident.

The survey also says that over half of companies (54 per cent) allow their staff to access networks remotely, but the security of the access has been improved, with 94 per cent encrypting wireless networks, up from 48 per cent a year ago.

However, half (52 per cent) of firms are still not carrying out any formal risk assessment, and two thirds (67 per cent) do not do anything to prevent information leaving a company on portable media - the cause of most high profile data loss incidents.