More than two thirds (67 percent) of firms with more than 5,000 staff have experienced at least one network intrusion of their user machines this year, according to the sixth Annual Enterprise IT Security survey.

That's up on the 41 percent in 2009. Meanwhile mid-size companies of 1,000 to 4,999 employees fared better with 59 percent reporting an intrusion, up slightly from 57 percent in 2009.

For the first time, the survey, sponsored by VanDyke Software and undertaken by Amplitude Research in mid-September, delved into what the survey respondents believed primarily caused the network intrusion.

A 'hacker/network attack' was cited by 14 percent as the cause of the intrusion, while 12 percent blamed the lack of adequate security policies/measures and 10 percent believed it was down to employee web usage. Just under one in ten (nine percent) claimed it was due to virus/malware/spyware, while eight percent faulted other employee carelessness or negligence and six percent blamed unauthorised access by current or former employees. Weak passwords, lack of software updates, and a software security flaw or bug were all respectively cited by five percent of the respondents,

More than a quarter of the 2010 respondents say their employer outsources technology jobs to an offshore location, roughly the same percentage as in 2009. About half of those reporting this kind of outsourcing said they felt it had a negative impact on their own organisation's network security. However, nearly a third felt it had no impact and one fifth called it a positive impact.

About half of respondents said their organisations have a formal security audit by an outside firm at least once a year, up from 35 percent in 2009. Some 56 percent felt the audits helped identity "significant security problems".

Separately, 65 percent this year reported undergoing an internal security audit at least once a year, down slightly from 67 percent in 2009. Just under half (47 percent) felt internal audits helped identify security problems, but 30 percent said the audit didn't go far enough and 40 percent felt theys should occur more frequently.