The research suggested that while most companies valued employee induction processes very highly, one-third (32 per cent) included security as part of that process and just 39 per cent outlined an internet usage policy. This is despite three-quarters (73 per cent) of firms claiming to have reviewed their induction policy for new employees over the past 12 months.

In some cases, this was because the organisation concerned did not have a set policy on IT security in place, the research highlighted.

Only two in five firms (39 per cent) had guidelines for employees on e-mail content and language usage, while 28 per cent had policies on using portable storage devices and less than one-quarter (23 per cent) had laptop usage procedures. Taking IT equipment outside company premises is one of the most likely ways to lose both equipment and data.

Companies were more aware of the problems of spam, viruses and software or file downloads, with about half of firms surveyed providing guidelines on these issues.

"While many businesses make a priority of employee induction, many are failing to effectively cover a major part of any employees working life - their PC and internet usage policies," says Greg Day, a security analyst at McAfee.

"Companies are failing to capitalise on the opportunity that is presented by new workers to instil a sense of vigilance and security into their workforce.

"This oversight, coupled with a clear lack of enforcement, increases the risk of new employees, either consciously or inadvertently, breaching corporate security protocols."

The survey also revealed an alarming culture of "responsibility roulette" between firms and employees over who should take control of ensuring key IT equipment and company data remained safe.

For example, more than two-thirds (67 per cent) of business owners believed employees were to blame if a laptop was stolen away from work premises, and 55 per cent felt employees were guilty if a personal e-mail spread a virus on a company server.