British businesses are lagging far behind their European counterparts in computer security, according to a survey published today.

Although two in five of those questioned had suffered a virus attack in the last year and a quarter had been hit by more than five, two in five UK respondents had not updated their antivirus software in the last month.

The average cost of every virus to UK businesses was equated to £2,500 in lost business time.

Covering 500 small firms across the UK, Italy, Spain, France, Germany and the Netherlands, the research found UK companies to be the least vigilant in updating antivirus software, while Spanish firms were the most aware.

"It's obvious from this that education hasn't worked," said Jack Clark, technical consultant at McAfee Security, which commissioned the research from Taylor Nelson Sofres.

"The survey shows people in the UK are thinking about security but not doing anything about it. We need to get people to stop sitting around waiting for an attack and getting out and doing something to ward it off beforehand."

The report recommends that more companies should follow the managed services route, since most appear to lack the resources to deal with their security full time.

"I'm surprised to see UK businesses that low on the list," said Professor Neil Barratt, technical director of security specialists Information Risk Management.

"I'd suggest that, even if this is the case, our businesses aren't that bad when compared to some companies in the Far East. The Spanish being the best in Europe isn't a surprise considering the legislation on the books over there."

Under Spanish law, companies are required to have IT security systems and to regularly maintain them to keep efficiency high. No other European country has such laws.

The survey also highlighted a lack of overall awareness of the types of security threats faced by companies. Almost a third of firms admitted to not knowing that their personal information could be stolen and used against them.