The majority of UK workers have no instruction from their employers on how to protect themselves from data loss or malicious software, according to research.
A snapshot survey of 700 UK workers reveals that nearly two thirds (64 percent) do not receive any training or material to educate them on IT security issues, such as how to avoid downloading malware or how to prevent the loss of sensitive data.
Whether the survey is definitive or not, the findings should worry IT security professionals who have long understood that insider threats are the greatest danger.
The results should also be of concern to compliance and audit teams who are charged with ensuring staff are adequately briefed on security.
In addition, a quarter of workers (23 percent) did not believe that the protection of sensitive data was even an issue in their workplace.
But despite this lack of training the survey - from security firm Guidance Software - reveals that most employees are taking a responsible approach when it comes to protecting corporate data.
Whilst just 16 per cent believe that it is the sole responsibility of the IT department to enforce policies to protect sensitive data, 61 percent believe that all employees are responsible for playing a part in the protection of company data.
A similarly high proportion - 50 percent - believe that it is not acceptable for employees to connect their own personal devices such as iPads or MP3 players to the corporate network.
Frank Coggrave, of Guidance Software, said, "What is most concerning about this data is the chasm that exists between businesses and their employees.
"A large proportion of workers clearly believe they play an important role in protecting against malware attacks and keeping data secure and half understand the risks associated with devices. But the majority are not being adequately trained."
He said IT leaders need to recognise that employees can become a security risk or an important ally in protecting against loss or theft of data or malware.
Free pizza can go a long way in helping to raise the awareness of security among employees, according to the chief information security officer (CISO) of Lehman Brothers Holdings.
Speaking on a panel at the recent Infosecurity Europe conference in London, Michael Everall, CISO at LAMCO LLC - Lehman Brothers Holdings, said that education, training and raising awareness of end users was key to addressing security issues around mobile devices.
Everall said that enticing end users to security awareness training sessions with the offer of pizza was surprisingly successful.
"A little bit of stick and a little bit of pizza helps to get things across," he said.