Browser-based attacks are increasing and may pose the next significant security threat, according to a report from the Computing Technology Industry Association (CompTIA).

The survey of nearly 900 organisations found that 36.8 per cent were hit with one or more browser-based attacks in the past six months, up from 25 per cent in last year's survey.

CompTIA defined a browser-based attack as one unleashed when someone visits a web page that appears harmless, but contains hidden code intended to sabotage a computer or compromise privacy.

The result of the attack can range from a crashed browser to the theft of personal information or other confidential data.

Viruses and worm attacks, although still the biggest threat to IT security, are less common than a year ago.

Last year 80 per cent of organisations identified worm and virus attacks as the most common security threat, but this year that figure had dropped to 68.6 per cent.

Network intrusion issues, last year's second most common security threat at 65.1 per cent, dropped to 39.9 per cent.

Organisations also reported declines in problems caused by remote access, such as virtual private networks and dial-up (41.7 per cent down from 49.9 per cent) and social engineering (17.9 per cent down from 21.9 per cent).

CompTIA president and chief executive John Venator said in a statement: "The explosion of dynamic, created-on-the-fly web pages, which often incorporate individual personal preferences, is exposing organisations' IT systems to new security threats.

"It is clear that education on IT security can no longer be limited to a handful of IT personnel. Keeping the IT infrastructure safe is the responsibility of everyone in the organisation."

The survey found that 95.5 per cent of organisations use some form of antivirus technology, while 90.8 per cent of respondents identified firewalls and proxy servers as the second most commonly used technology.

This is down from last year, when 93.7 per cent of organisations reported using these technologies.