Many small and medium-sized businesses in the UK may be putting themselves at risk by failing to ensure that their employees fully understand the Information and Communication Technology (ICT) security policies they have in place.

A joint survey by NETconsent and The Federation Against Software Theft found that 94 per cent of firms do have such schemes in operation, with 60 per cent updated on an annual basis.

Despite these encouraging stats, however, concern was caused by figures showing that 44 per cent of respondents admitted lacking confidence that their employees fully grasped the meaning and implications of these policies.

The risk of potentially-damaging breaches was attested to by figures showing that 40 per cent of those surveyed had previously been forced to initiate disciplinary procedures as a result of failures to comply with agreed ICT policies.

"It is surprising that such a high proportion of respondents have concerns surrounding their colleagues' understanding of policies yet still don't have a process to educate and test policy recognition. Effective policy management is fundamental to managing risk and improving compliance," commented Dominic Saunders, NETconsent's operations director.

Despite the rapidly-changing face of IT and the internet, one in ten respondents to the survey admitted never updating their ICT documents.

In a recent survey of SMEs for Connect, the two most important benefits of outsourcing were 'guaranteed response times' and 'allowing in-house IT staff to concentrate on more strategic issues'