Security breaches are the fault of poor IT security polices, even if they can be traced back to one individual, one expert has suggested.

Debi Ashenden, a research fellow at the Defence College of Management and Technology at Cranfield University, explained that firms need to do more to educate users about the importance of IT security, reports ZDNet.

Speaking at the Cyber Warfare 2008 conference, she claimed that this area is overlooked by many companies when considering IT security.

According to the news provider, Ms Ashenden said: "Lots of organisations claim to have a culture of information security but in most cases I would say that this is not true and unfounded.

"We need to get end users on side. We can't ignore them anymore. We need to move away from command and control and interact with them."

Her comments echo the findings of a recent PricewaterhouseCoopers survey which suggested that while firms are introducing ever stricter IT security measures they are failing to educate their staff about them.

According to a recent survey by Connect, the two biggest IT headaches for businesses were 'everyday hassles with IT' (37 per cent) and 'security concerns' (32 per cent) In a recent survey of SMEs for Connect, the two most important benefits of outsourcing were 'guaranteed response times' and 'allowing in-house IT staff to concentrate on more strategic issues'