More than traditional crime, natural disasters and terrorism, the security threat that enterprise IT departments are most concerned with is cybercrime, according to the results of a study released Monday by Symantec.

The survey of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries found that 42 percent of organizations rate cyberattacks their top security issue. Moreover, 75 percent of respondents said their organization has experienced at least a few cyberattacks in the past 12 months. And, cyberattacks cost enterprises an average of $2 million per year due to a loss of productivity, revenue and customer trust associated with such events, the survey found.

The study found that all respondents experienced losses in 2009 resulting from cyberattacks. The most common losses included downtime associated with the incident and the theft of customers’ personally identifiable information or intellectual property.

“If we lose confidential information, such as Social Security numbers or credit cards, we’re liable,” an IT operations manager for a 1,500-employee auto dealership said in the survey. “We estimate that it costs us $11,000 a name if there is a compromise in security.”

With the frequency of cyberattacks and substantial losses associated with these events, security is becoming more difficult, the study found. IT departments are often understaffed, but at the same time are rolling out new initiatives and are exploring new standards for IT compliance. Survey respondents rated cloud computing and virtualization as the two most problematic IT security initiatives. 

To mitigate cyber risks, Symantec recommended that organizations secure endpoints, messaging and web environments along with critical internal servers. Also, organizations should protect information by understanding where sensitive data resides, who has access to it, and how it is coming in or leaving the organization.

Symantec also recommended developing and enforcing IT policies and automating compliance processes. Organizations should prioritize risks and create policies than span across all business locations. Finally, Big Yellow recommended organizations always apply the appropriate patches to ensure a secure operating environment, as well as monitor and report on system status.