Workers misusing the internet are the second-largest cause of security incidents in large UK companies after viruses, a government-sponsored study has found.

Two-thirds of large businesses had at least one online misuse incident last year and small companies reported hundreds of email abuses every day, according to the results of the latest Department of Trade and Industry's biennial Information Security Breaches Survey. The survey was conducted in late 2005 by PricewaterhouseCoopers and included 1,000 UK companies.

Despite the high levels of abuse uncovered, misuse of the web at work seems to have levelled off recently, the study found. In an earlier study published in 2002, 8 percent of the businesses surveyed reported internal misuse of the web. That figure grew to 17 percent in the 2004 report and has stayed at that level in the most recent study.

Many of the worst incidents, 41 percent, involved staff accessing inappropriate websites, with the most serious involving illegal material such as child pornography.

Companies of all sizes seem to be recognising the potential damage that such misuse of the internet and email can cause. The study found that last year 63 percent of companies surveyed had an acceptable usage policy, compared with 43 percent in the 2004 study. Among large businesses quizzed in the most recent survey, 89 percent had an acceptable usage policy.

Nevertheless, companies aren't taking risks seriously enough, according to the survey's authors. Only 38 percent of all companies said they blocked access to inappropriate websites. Among large companies that figure was much higher: 74 percent.

The study found that despite the high number of incidents, the cost of such misuse is relatively low compared with other types of security breaches. Fewer than 10 percent of incidents caused business disruption or direct cash losses, the study found.

Additional results from the study will be released in late April.