Spam accounts for up to half the e-mails received by businesses, but only a minority are taking steps to prevent it, the DTI's latest Security Breaches Survey reveals.
Of the 1,000 organisations questioned, only 44% of large businesses and 20% of small businesses use e-mail filtering software. As a result, businesses are paying for extra bandwidth and staff are wasting time dealing with unwanted mail, said Simon Perry, vice-president of security strategy at Computer Associates.
"If you are paying for hardware and software to carry this traffic, you are paying for a 40% overhead you don't need," he said.
The survey found that although spam is a major issue for 10% of companies and a moderate issue for 22% of firms, 33% do not regard it as a problem.
This is more likely to be evidence of complacency than a sign that they have beaten the problem, said Perry.
Spammers are increasingly adopting social engineering techniques borrowed from virus writers to persuade people to open spam e-mails, potentially placing businesses at risk if the spam contains illegal or offensive material.
Consultancy PricewaterhouseCoopers said businesses should combine their anti-spam and anti-virus technologies, as spammers and virus writers increasingly use the same technologies.
The full results of the survey will be launched at Infosecurity Europe, London 27-29 April