Over 40% of organisations think they are going to lose an average of £2,000 or more in productivity per employee from online xmas shopping at work during November and December.
ISACA, a nonprofit association that serves IT security, assurance and governance professionals globally, has carried out a UK survey of members to look at the latest trends in online shopping and workplace internet safety.
The ISACA survey of 250 members found that a mere 21% of members said their organisation's employees fully understood the risks associated with shopping online from their workplace computers.
More than 82% said their organisation either does not have or they are not aware of a policy that prohibits employees from shopping online.
There was also an expectation that there would be more online shopping from the work place than last year, with more than 51% predicting an increase.
Only 32% of organisations that allow online shopping educate employees about the risks. Only 31% of organisations prohibit using a work email address for online shopping or other online non-work related activities, even though allowing the use of work email can expose the organisation to greater volumes of spam.
Slightly more than one in 10 organisations had security measures in place to prevent employees from shopping online at work.
Lynn Lawton, international president of ISACA, said, "The challenge for organisations is not only to educate workers about information security, but also to change their behaviour.
"For example, it is one thing to make someone aware that it is wrong to click on a link from a spam email, but quite another to change their behaviour so that they do not click on these suspicious links."