A global survey of IT managers by IDC has shown that the majority of businesses think that being hacked from outside is highly unlikely.

Just 15 per cent of the companies questioned thought that they would lose data to hackers, while three times as many thought that employee carelessness would cause a breach. However, if a hacking attack did occur, it would cause the most damage, according to the survey.

"The challenge when protecting an organisation from internal attack is that traditional defences are designed to face outwards at the perimeter of a network, whereas the inside of the network remains relatively free of security controls," said Neil Campbell, global general manager of security solutions at Dimension Data, which sponsored the research.

"Compounding the problem is the fact that security awareness training initiatives for employees often go unfunded. This is because organisations find it difficult to demonstrate a return on investment for such training."

The most likely information to be lost, according to the survey, is intellectual property.

"The next most severe impact would come from customer sensitivity to security and privacy, followed by the availability of IT systems in order to offer products and services," said Eric Domage, programme manager for European security products and strategies at IDC.

More than 400 companies were surveyed in 18 countries, and the most likely security incidents were PC theft or loss (cited by 54 per cent), spam attacks (45 per cent), misuse or hacking (45 per cent) and spying tools (45 per cent).