Although 49% of the companies that took part in a survey conducted by RSA Conference said that their primary security concern was data leakage, such as employee or customer information, and 29% of them were in fact confronted with the problem in 2007, only 11% actually reported the incidents.

"Security professionals need to remain cognizant of the regulations that their organizations must comply with and ensure they are taking steps to properly report the security incidents that are required by law - whatever they may be." said Tim Mather, Chief Security Strategist, RSA Conference. With no reports from the organizations that were affected, it is more and more difficult for both security specialists and legal regulators to take the right measures to reduce online security incidents.

Aside from data theft, companies showed that they are mostly worried about email-borne malware/phishing (41%), web-borne malware, insider threats/theft (both up to 36%), intellectual property theft (34%) and known software vulnerabilities (24%).

Although they seem concerned with the probability of an attack, 46% of the companies that responded to the survey said they didn't face any security incident in 2007. 13% of them were less lucky, reporting over 20 attacks in one single year.

Speaking of those for whom 2007 was not a peaceful year at all, 69% of the companies that indicated they had to deal with security threats last year said that email-borne malware/phishing was the pain in the neck for them. 44% faced web-borne malware, while 16% admitted that not only their data, but their finances also were struck by organized crime for commercial gain. Mobile phone or smartphone malware that tried to affect the computer systems of the companies was reported by only 9% of them, but it doesn't mean that this is a field where Internet offenders have said their final word.