A quarter of IT managers in small and medium sized enterprises (SMEs) across Europe believe that employees are ultimately responsible for guarding against IT security breaches.

That's according to a survey of 750 IT managers and employees in SMEs in five European countries.

And the survey, commissioned by Websense and carried out by Dynamic Markets, revealed that European employees reckon they are spending an average of just under two hours a day online, with over half an hour browsing non work-related sites.

IT managers, however, believe the employee non-work surfing average is 48 minutes a day – equivalent to four hours a week.

Although employees acknowledge that they spend an average of two and a half hours a week freely surfing the web for pleasure, less than half (47 percent) of IT managers surveyed use web filtering software to protect their employees from hidden and invisible web-based threats.

And almost a third (31 percent) of employees surveyed said they could not live without being able to access websites at work known for being high security risks, such as peer-to-peer (25 percent) and free software download sites (17 percent).

Twenty-three percent of SMEs have Internet use policies in place but do not require an employee to officially sign the policy. A further 16 percent admitted to not having a usage policy at all, saying that trust in their employees was adequate in order to prevent abuse.

Yet nearly a third of IT managers (32 percent) rated 'employee behaviour' as the leading cause of job frustration when it comes to implementing and maintaining IT security, with IT security "not being high enough up the corporate agenda" being the second highest at 27 percent and "budget constraints," coming in third place at 21 percent.