Employees are a bigger IT security threat to an organization than hackers, according to a new survey conducted by an IT security firm, reports [1] vnunet.com.

Secure Computing says [2] that more than 80 percent of the 103 IT directors they polled in April at the Infosecurity Europe [3] exhibition in London said insider threats scare them more than external threats.

"This could be in part due to the fact that 37 percent of respondents have experienced leakage of sensitive information in the past year," notes Secure Computing. "In line with this, internal security is at the top of IT directors' shopping lists when respondents were asked to rank potential future investments that included perimeter security, staff mobility and network performance."

The survey also discovered IT directors feel e-mail is their organization's biggest "Achilles' heel" (34 percent), followed by voice-over-Internet protocol (25 percent) and Web surfing (21 percent), respectively.

Of external threats, IT directors don't fret as much about hackers as they do malware. Fifty-six percent identified malware as their biggest concern, whereas only 22 percent say hackers wreck their peace of mind.

IT security continues to lose its "necessary evil" label among decision makers, Secure Computing says, as almost 90 percent of respondents said it is at least as important as any other IT project.

"It's fascinating to see how perceptions of the threat landscape among senior IT decision makers is evolving, with the insider threat and data leakage rivaling traditional external threats among IT directors' primary concerns," said Kieran Lees, a regional sales director for Secure Computing. "It's also very encouraging to see that security is starting to be seen as a genuine business enabler rather than just a necessary evil."