The survey reveals that security incidents have doubled over the past two years.
Despite the growing threats, less than half of businesses use encryption to secure transactions and confidential files on web servers.
Fewer than a third encrypt credit card details and other confidential data, and a third fail to authenticate customers' identity online before completing a transaction.
As a result, about 2% of UK web sites have been vandalised or defaced, 7% have been subject to denial of service attacks, and 2% have been used by hackers to penetrate internal systems.
About 2% of web sites have had customer data such as credit card details stolen.
In one case a hacker broke into a company's mail server and used it to launch a spamming campaign, after the company lowered its e-mail gateway security to carry out routine maintenance.
"There is still a lack of understanding about the issues and about the risks involved and how to address them. It's clear there is more progress to be made," said Chris Potter, partner at PricewaterhouseCoopers, which conducted the survey for the DTI.
The biggest security risks, according to the survey, are virus infections and disruptive software, reported by 41% of businesses compared to only 16% last year.
About 14% of businesses reported unauthorised access to their systems including hacking on web sites and misuse by employees compared to 4% two years ago.
Inappropriate use of IT systems by staff was reported by11% of businesses compared to 8% two years ago.