More than 50% of businesses consider their own employees to be the greatest IT security threat, according to a new survey by IT Governance.
The survey found that 54% of respondents believe that insiders are the biggest threat, compared to 27% who fear criminals the most, 12% state-sponsored cyber attacks and 8% competitors.
Despite this, a quarter or respondents said their business had received a "concerted cyber-attack" in the past 12 months.
The true number could be higher, IT Governance remarked, as 21% of respondents said they do not know whether or not they suffered such an attack.
The UK government, among many others, has made a concerted effort to make IT security a board-level issue. IT Governance's survey suggests that there is some board level recognition of IT security, but that there is room for improvement.
The majority of respondents (58%) said their organisation gives the board of directors "regular" report on the state of its IT security. That is an encouraging figure, but for 35% of those companies that provide reports, they are filed "less than annually".
Only 30% of respondents said that an understanding of IT security is a pre-requisite for a position on the board.
Other findings from IT Governance's survey include the fact that 50% of respondents said customers had enquired about their IT security measures in the past 12 months, and that 26% have lost sleep because of worries about IT security.
IT Governance surveyed 260 respondents, mostly business and IT executives from businesses in the UK and US.