Despite the increasing legislation, and directors' liability for e-mails sent by their own staff, a survey revealed by Content Technologies showed that 60% of business managers have had no training on computer security issues.
The statistic reflects the fact that although e-mail and Internet viruses, pornography and other security breaches are on the increase, the problem is often not understood at board level.
The survey of 750 international businesses was undertaken by Secure Computing magazine and sponsored by Content Technologies, a developer of e-mail and Internet content security and policy management solutions.
Of the companies surveyed, two thirds of organisations have suffered virus, worm or 'Trojan' related problems over the past year (such as Melissa or the Lovebug). In one incident the cost to the organisation was placed at over $1 million.
Computer viruses still cause the biggest security problems for companies in terms of number of incidents and lost working hours.
However, pornography in e-mails is also becoming increasingly problematic (with spam and hacking close behind in third and fourth positions).
Some companies are failing to respond to threats, despite increasing risks. Almost a third of companies still have no manager responsible for computing security; and over 60% of business managers have no training in computer security issues.
Of the business managers who have had training, over 60% had their training more than 12 months ago.
Breaches in confidentiality are on the increase and are of growing concern to companies, as is harassment by e-mail.
Two thirds of organisations either have no e-mail and Internet policy or have one that isn't enforced; one in four companies saw no need to educate users, and a further one in three leave it to a policy booklet.
Where technology was employed, the IT department had a high level of influence generating the purchase of security software. However, so too did marketing departments. Yet some of the departments which stand to lose most from security issues had less influence, including human resources, finance and engineering.
Chris Heslop, Content Technologies' Worldwide marketing director, said: "This research confirms that the majority of organisations still have no e-mail and Internet usage policy in place to protect not just their businesses but also their employees. Organisations need to establish an e-mail and Internet usage policy, educate their employees on the policy and enforce it using content security software such as the MIMEsweeper family of products. We believe that by deploying such procedures organisations are more able to protect themselves from the loss of intellectual property, corrupted data, loss of productivity and exposure to legal liability as well as protecting their employees from harassment."
Paul Robinson, editor of Secure Computing, said: "We are beginning to see many of the issues we predicted last year emerging as clear trends. Viruses have continued to be the main source of security breaches, but connectivity to the Internet means that pornography and confidentiality are becoming greater problems, a trend which I predict will continue."