Nearly two-thirds of large businesses and one-fifth of all businesses say staff are misusing systems, according to the initial findings of a new report.

The 2004 Department of Trade and Industry's biennial Information Security Breaches Survey, conducted between October 2003 and January 2004, and which comes out in full on 30 April, polled 1,000 businesses, of all sizes, throughout the UK.

It found that excessive web browsing, email misuse, unauthorised access to systems and legal infringements were becoming more widespread as employees and companies become more computer literate.

The report also discovered that 8% of businesses said their worst security incident of the year was a consequence of internet misuse. Out of that number, one in five of those had a serious impact which caused disruption to the business while it was investigated, typically lasting up to a week and involving one to three man-days to sort out.

Another key finding in the report was that while incidents were rising, there was no corresponding increase in the levels of control companies applied. In particular, small and medium-sized enterprises that had recently granted their staff access, tended not to have implemented any controls over that access.

Chris Potter, the PricewaterhouseCoopers partner leading the survey, said: “As more businesses provide their staff with access to the internet, the number of incidents of staff abusing that access is rising. It seems unwise to wait until a major breach before putting effective controls and plans in place.

"Unfortunately, many businesses, particularly SMEs, are doing exactly that. Our survey shows that only one in three companies that suffered an incident involving Internet abuse already had a contingency plan in place to deal with it.”