A white paper released in the United States by Web filtering vendor SurfControl found that more than 80 percent of security compromises faced by companies came from within.
The white paper also found that poor security policies and procedures and lack of staff education contributed to employees being an IT security risk.
"Whether incidents are due to malicious intent or inadvertent employee error, the result is the same: loss of revenue, productivity, and potential liability," said author Jack McCullough in a statement about the white paper.
"Many organizations only develop or update policies and procedures in reaction to a security compromise," McCullough said. "As a result companies are vulnerable, despite spending large sums on security products and consultants."
Charles Heunemann, managing director at SurfControl in Australia, estimates that about 90 percent of Australian companies' intellectual capital is held in digital format. Heunemann believes it's this which makes it a convenient target for unauthorized electronic transfer.
