Poorly protected home PCs now pose the biggest threat to computer networks belonging to businesses and governments, according to cyber crime experts, who say that the increasingly organised nature of hackers and internet fraudsters requires a more organised response.

Research to be published this week will reveal that 60 per cent of home computer users want internet service providers to take the lead in securing their computers by offering them the option of subscribing to an all-inclusive security package. Half would be prepared to pay an extra £2 per month for the service, the research found.

Unprotected home computers may be infected with viruses that allow hackers to take control of them and use them to send infected e-mails to their targets. These so-called 'zombie' machines make it harder to trace the source of an attack and allow hackers to send large numbers of e-mails simultaneously, increasing the chances of a virus reaching its target.

"The biggest threat to your computer is when you go online so it makes sense to get your protection from the ISP," said Paul Goossens, CEO of Preventon, a company specialising in subscription-based internet security packages.

He said that many people believe they are protected if they have installed any kind of security software, but most do not use a comprehensive package with a firewall and software to protect against viruses, spyware and spam. Nearly three quarters of users have not installed the security packages that came with their PCs, according to the research, which was carried out by Marketing Science during May and June.

Mr Goossens said that the general level of internet security would be raised if ISPs offered simple, comprehensive protection that users could opt in to when signing up for an internet connection.

The current piecemeal approach to web security, with non-expert users attempting to assemble their own protection, is increasing the risks for all users, according to Graham Cluley, a senior technology consultant at internet security software company Sophos. "Home users are posing most of the threat to business," he said, adding that the most prevalent viruses are more than a year old and could be stopped by relatively basic antivirus software.

The importance of internet security is likely to grow as the nature of crime on the web changes, according to Pete Simpson, the ThreatLab manager at the software company Clearswift. "The archetypal virus writer, sometimes called a hacker, was in it for the recreation, for the intellectual challenge. Some of them were a bit stupid and changed code so that it deleted things, but a lot of them have now stopped because they don’t want to be tarred with the same brush." The new groups have more in common with traditional organised criminals, he said, and are often involved with prostitution and arms deals as well as cyber crime.

There are three main ways in which criminals can make money from the internet. The first is through sending large amounts of spam requesting bank details or offering goods for sale. Since the cost is virtually nil, the senders need only a tiny proportion of recipients to respond in order to make a profit.

More sophisticated schemes resemble traditional commercial espionage or extortion rackets. The recent arrest of 18 people accused of planting spyware in several Israeli companies demonstrated the risk that programs could be used to scan computers for sensitive documents to send to the hackers. The information can be sold to rivals or used to blackmail the target company.

Other hackers threaten disrupt a company’s business or close down its website unless a ransom is paid. In May this year the FBI investigated claims that cyber criminals had used a virus to lock up a companies files and demanded money in return for the key that would unlock them. There are relatively few reports of this kind of attack, but companies falling victim to such extortion rackets may be tempted to pay up rather than risk the negative publicity associated with security breaches.

Simon Perry, the vice president of the eTrust Security Management division of Computer Associates, agreed that home users are providing hackers with a platform from which to attack their targets, but he said that it was counterproductive to blame individuals. "The industry has sold the computer as if it is a TV set," he said. "We take it out of the box, plug in a power cord and never do anything to it again. Computer users will have to adjust to the idea of making regular upgrades to their hardware and software in order to keep it secure, he suggested, but all the links in the chain connecting internet users will have to play their part.

"I think ISPs do need to take responsibility and they are not doing that today," he said, but he added that this could change as people come to expect higher standards of security with their internet connections. "People used to laugh at Volvo for focusing on safety, and now we can’t get a car without 12 airbags," he said.

Priya Patel, the marketing director of the software consultancy Exoftware, agreed that individual users should not be solely responsible for internet security, but said that software companies could do more to ensure their programs are not vulnerable to attack. "Most testing happens right at the very end of the development process," she said, "and in the rush to get a product to market deadlines get pushed."

She said that the aim of software developers should be to produce bug-free software that works straight from the box without the need for patches and upgrades. "The technology is there to do it," she said, "but it’s going to take a certain amount of consumers being hit before we get there."

Explore Tech & Web

• Personal Tech

• The Web

• Gadgets & Gaming