IT managers are more concerned about end-user abuse of IT systems than attacks from hackers and other threats, according to new research.

The 2007 State of Security Report, sponsored by security vendor Websense, surveyed 158 employees and 159 IT managers from Australian companies with more than 50 staff.

Managing end-user online activity is the most frustrating part of the IT manager role, according to the survey, which found 59 percent of surveyed companies do not block peer-to-peer file sharing, while 47 percent do not enforce Internet usage policies through filtering applications.

Budget constraints were the second highest concern reported by 48 percent of IT managers, followed by lax attention to security (25 percent) and ease of deployment (18 percent).

Most organizations (87 percent) deployed multiple URL filters, with phishing scams listed as the biggest threat (58 percent), followed by spyware (56 percent ) and instant messaging (51 percent).

Lost banking details (30 percent) and credit card numbers (20 percent) is considered worse than having company data stolen (17 percent), according to end-user responses.

Up to 117 (74 percent) of the non-IT staff surveyed thought they could be sacked for leaking secret company documents or viewing pornography, while 100 (63 percent) considered introducing spyware and viruses a dismissable offense.

IT managers were slightly more relaxed, according to the survey. Employees would be axed if they leaked sensitive documents according to 90 (56 percent) IT managers, letting viruses loose on company networks (52 percent), and downing pornography (34 percent).

IT managers and employees clashed over the time end-users wasted browsing the Internet for personal use. IT staff claimed non-IT users spend 1.5 hours a day visiting banking sites (46 percent), reading news (39 percent), accessing personal e-mail accounts (29 percent) and visiting jobs sites (18 percent).

However users argued the figure is closer to 45 minutes a day, and they spend about 85 minutes surfing the Web as part of their job.

Queensland end users may be Australia's most ardent workers, according to responses which showed they splurge 30 minutes of paid time a day browsing the Internet for personal reasons, compared to the equivalent NSW figure of 53 minutes.

However the figure falls short by more than an hour, according to their IT managers who estimated they waste more than 95 minutes a day on the Web.

More than a third (37 percent) of employees do not make up for time wasted on the Internet, while 28 percent work 15 minutes longer, and 17 percent put in an extra 30 minutes.