Wound-up workers the ones to watch

And they also believe security breaches usually arise from a failure of process rather than a failure of technology.

These are among the key research findings published in Testing the Defences: facing up to the challenge of corporate security, a new white paper from the Economist Intelligence Unit, sponsored by Nortel Networks.

The paper argues while more companies are treating security as a priority, many have failed to introduce effective risk management and controls.

In a survey of 178 senior managers around the world, conducted as part of the research for the report, 68% of executives said they had not attempted to quantify the security risks their companies face.

The report also draws a number of conclusions for business leaders seeking to understand today's complex security environment:

* Executives struggle to measure and prioritise security risk. Even though 71% of companies conduct a risk analysis of their security environment once a year or more, 32% do not know the cost of security breaches.

* Employees hold the key to corporate security - 57% of the survey respondents believe security breaches are more likely to be a result of accident than deliberate intent; 78% said breaches arise from a failure of internal process.

* Many companies do not have specific policies in place to tackle accidental leaking of sensitive data.

Even where strong policies exist, training and incentives are required to ensure employees follow security procedures to the letter.

Malcolm Collins, president, Enterprise Net-works, Nortel Networks, said: "These findings make it clear that companies have a lot more to do if they want to fully protect their business.

"This is much more than an IT issue - security has to become part of the organisation's DNA."

Testing the Defences: facing up to the challenge of corporate security is available free of charge from the Executive Briefing website (http://eb.eiu.com)