Attacks on corporate data are getting more professional. The image of the lone hacker in his bathrobe playing gotcha is being superseded by one of dedicated, professional industrial espionage.

That’s according to a recent survey by the Center for Strategic and International Studies (CSIS).

The study, commissioned by computer security firm McAfee, interviewed over 600 IT managers in 14 countries and revealed a rapid growth in serious corporate and government espionage.

Almost 60% of the respondents said their networks were “under repeated cyber-attack, often by high-level adversaries such as nation-states, organized crime gangs or terror groups.” The attacks include such things as shutting down sites (denial of service attacks), malware and finding unprotected data on the site.

Only 57% of these companies installed security patches and updated security software on a regular basis. Scariest of all, some of the most vulnerable companies are utilities (electricity, water, sewage) that depend on Internet-connected systems management software to keep in operation.

Your company is probably not the target of interest for international cyber warriors or crime syndicates. Nevertheless, the techniques and tricks keep developing as fast as, or faster than, the technology to defend against them. If the largest global companies with serious IT budgets are having problems keeping the data safe, then smaller operations where the IT departments are being pulled in every direction to support daily operations are even more open to attack.

It’s a good idea for top management, IT staff and other concerned folks (HR, finance and others) to review the current state of the company’s defense strategy and the plans to upgrade it.

The biggest challenge: making the case for an increased security budget. Experts recommend IT explain security as a kind of insurance, with a detailed analysis of how attacks can lead to lost revenue.