The survey, by the Business Software Alliance (BSA), polled 602 IT professionals in the US, 60% of whom worked at a company with 500 or more employees.
Of those professionals responsible for security issues, 60% felt it was likely that a company would get hit with at least one major cyberattack within the next year.
While more than half of all IT professionals surveyed felt US businesses have improved their security defences since the 11 September terrorist attacks, 45% said their companies were still unprepared for a major cyberattack.
Respondents were left to decide what constitutes a major" cyberattack. The survey asked respondents to gauge the likelihood of at least one major attack against a typical US company, not necessarily against the employer of each respondent, according to the BSA.
Robert Holleyman, president and chief executive officer of the BSA, said that most attacks are never reported. "We need to examine the attacks and look for patterns," he said.
"We need to create incentives for companies to report vulnerabilities and incursions to their networks without the fear of that information being released to competitors."
US businesses are devoting fewer resources toward defending themselves against cyberattacks than they did attempting to solve the Y2K problem, according to 47% of IT professionals surveyed; 71% felt that businesses should concentrate more on cyberdefence.
On the positive side, 94% said every computer at their company had antivirus software, and 92% said their company uses a firewall. And, while they are wary of the next attack, 70% of those surveyed said the benefits and convenience of the Internet outweighed their security concerns.