IT security is largely in the hands of workers, a new report has claimed.

The 2008 Information Security Breaches Survey, carried out by PricewaterhouseCoopers (PwC) on behalf of the Department for Business, Enterprise and Regulatory Reform found that employee behaviours is the key to IT security.

It stated that while awareness of the problem has grown among firms and works, simply putting guidelines in place is not enough.

Chris Potter, partner at PwC, said: "What companies are realising is that increasing security awareness is only part of the answer.

"The critical issue is changing the behaviour of their people. A 'click mentality' has grown up - users do what expedites their activity rather than what they know they ought to."

He added that only when this behaviour is changed do businesses reap the benefits of an IT security savvy culture.

Earlier this week the Information Commissioner's Office warned that firms that fail to protect customer data could lose business.

According to a recent survey by Connect, the two biggest IT headaches for businesses were 'everyday hassles with IT' (37 per cent) and 'security concerns' (32 per cent) In a recent survey of SMEs for Connect, the two most important benefits of outsourcing were 'guaranteed response times' and 'allowing in-house IT staff to concentrate on more strategic issues'