One in five companies will suffer a serious internet security incident - above and beyond virus attacks - in the next two years, analyst Gartner has warned.

The analyst said that cyber-criminals are taking advantage of users, enterprises and unsecured systems to usher in a new era of "high-profit, low-overhead" crimes, targeting information and intellectual property.

Even though the majority of companies will not come under attack, Gartner said they should still take the proper precautions.

"Being a victim of one of these security incidents could be much more costly for enterprises if they don't protect themselves," warned the analyst in its report, entitled Securing the Enterprise: The Latest Strategies and Technologies for Building a Safe Architecture.

Gartner vice president Richard Hunter said in a statement: "It takes only one unsecured machine on a network to create potential risk for everyone else. The risks and the costs of defences are high, and the trend is moving both upward."

The top vulnerabilities are insecure commercial software, poor software patching policies, and "misguided users who believe crime happens to someone else", said Gartner.

New technologies will also add to the problems. Web services create new "discontinuities" in application security, and wireless local area networks and instant messaging also create potential risks, the report noted.

But there is some good news ahead: Gartner said products are becoming more secure as standard, although this is driving up cost.

Victor Wheatman, the analyst group's managing vice president, said: "As enterprises turn their collective attention away from tactical security issues stemming from homeland security initiatives and back to infrastructure security, they will witness an evolution from after-the-fact improvements to more secure and thus more expensive products."