Senior managers may recognise the risks of lax IT security, but they seldom practice what they preach.

A new report to be published today from the Economist Intelligence Unit has found that, while board members see security as one of the top issues facing their companies, their knowledge of best practices is lacking.

Four out of five admitted to opening an email attachment from someone they did not know, and one in five confessed to using their own name as the password to access their network.

"There's a serious problem here," said Gareth Lofthouse, senior editor at the Economist Intelligence Unit.

"If the top brass can't follow basic security procedure, what does that say about the company's commitment to best security practice?

"It's easy for a company to throw money at a problem, but the real challenge is instituting a broad corporate culture shift."

The survey found that security was the second most important factor affecting IT systems, with network availability topping the list.

But, despite increasing security spending, firms reported rising levels of attacks on corporate systems.

"You really have to get on top of your employee education," said Joe Dauncey, security consultant at comms vendor AT&T's Technical Centre of Excellence.

"From a value for money perspective it's more cost effective to sit down with your staff and say 'Don't do this' rather than spending vast amounts on security devices that are being subverted by bad practice.

"As a service provider when we're taking over a company's IT systems we have to do a thorough review of best practice and the network architecture."

The survey polled 237 companies to determine management's view of perceived and real security threats now and in the future.