Workers misusing the Internet cause the most security incidents after viruses in large UK companies, a new government-sponsored study has found.

Two-thirds of large businesses had at least one online misuse incident last year and small companies reported hundreds of e-mail abuses every day, according to the results of the 2006 UK Department of Trade and Industry's biennial Information Security Breaches Survey.

The survey was conducted in late 2005 by PricewaterhouseCoopers LLP and included 1,000 UK companies.

Despite the high levels of abuse uncovered, misuse of the Web at work seems to have levelled off recently, the study found. In the 2002 study, 8 percent of the businesses surveyed reported internal misuse of the Web. That figure grew to 17 percent in the 2004 report and has stayed at that level in the most recent study.

Many of the worst incidents, 41 percent, involved staff accessing inappropriate Web sites, with the most serious involving illegal material such as child pornography.

Companies of all sizes seem to be recognising the potential damage that such misuse of the Internet and e-mail can cause. The study found that last year 63 percent of companies surveyed had an acceptable usage policy, compared to 43 percent in the 2004 study. Among large businesses quizzed in the most recent survey, 89 percent had an acceptable usage policy.

Still, companies aren't taking risks seriously enough, according to the survey's authors. Last year, 38 percent of all companies said they blocked access to inappropriate Web sites. Among large companies that figure is much higher at 74 percent.

The study found that despite the high number of incidents, the cost of such misuse is relatively low compared to other types of security breaches. Fewer than 10 percent of incidents caused business disruption or direct cash costs, the study found.

Additional results from the study will be released in late April.