A survey of more than 200 IT security professionals by Computer Weekly and the National Computing Centre revealed that 56% of employers have taken action against staff for abusing web access, and 44% have acted over e-mail misuse in the past two years.
The research found that employers were failing to ensure that staff understood corporate security policies, potentially leaving them exposed to legal action or embarrassment when staff abuse internet access.
"If employees are sending out inappropriate e-mail from your organisation, it can damage your reputation. Any information sent out on a company e-mail, if defamatory, could expose a company to legal action," said Mark O'Flaherty, partner in information security at Ernst & Young.
The survey revealed a catalogue of security breaches caused by firms' own staff, ranging from downloading inappropriate images to fraud. Nearly 20% said they were aware of malicious security breaches by their staff in the past two years.
The IT security staff surveyed said 63% of the incidents had a "significant" impact on the business. In one case, a staff member was caught capturing credit card details and passing them on to a crime ring. Another business was damaged when a staff member sent confidential data to a rival.