IT security industry rebuts govt liability requests

13th August 2007

The IT security industry has claimed it would be very difficult to hold security vendors liable for breaches suffered by small businesses and other users.

A recent government report argued that sellers must do more to protect customers if the incidence of security breaches is to be lowered, but companies such as McAfee and Symantec have argued that this is not a suitable solution.

"It would be very difficult to hold vendors responsible for breaches, as it really comes down to how solutions are implemented," said McAfee's Greg Day. "You would have to ask, 'Did they have it configured correctly, updated and maintained?'

"Every business has different IT security requirements depending on their business and IT footprint. A security vendor supplies businesses with the tools, but it is down to the business to use them correctly."

However, this call for more end-user responsibility comes at a time when many IT managers in the UK feel they are not suitably prepared for managing security and compliance issues.

A study carried out on behalf of NetIQ found that 40 per cent of companies' upper managers were merely paying lip service to IT security simply to gain compliance status.

A recent Connect survey found that the two major concerns about outsourcing services like IT support were 'loss of control' (56 per cent) and 'budget over-runs' (43 per cent).