The majority of staff would blame their employers for lapses in online security in the workplace, according to a survey by internet filtering software firm SurfControl.

More than 1,000 staff were surveyed in the UK, Netherlands, US, Singapore and Australia, with 64% saying they would blame their employer if company information were stolen from their work computer. Over half (53%) would also shift the blame to employers if their ID were stolen after a security breach on their machine. Some 34% would blame put the blame on their employer for weak security if someone hacked into their bank account from a work PC.

The transportation of data is an area of concern. The majority (72%) of UK workers use USB devices, which can easily bring in viruses or take data away from the office. A further 66% send confidential data on emails. And eight in 10 mobile workers regularly access the internet from insecure networks off site.

The survey also reveals the challenges to change employee behaviour. Many workers, particularly in the UK, take a slack attitude towards work email, with 40% of UK staff admitting to forwarding office gossip.

It is easy for UK staff to get away with poor security practice. The survey revealed 34% claim to have total control over their office computer and worldwide 26% feel they have been left with the task of updating antivirus and anti-spyware software.

IT departments have faced difficulties improving online security at work because employees have sometime been resistant to change. In 2002, over half of workers said that they did not want monitoring of their emails or web use.

Richard Cullen, chairman global technology strategy at SurfControl, said: "This research highlights the importance of applying a consistent security strategy across all employees, regardless of where or how they access the corporate network." Monica Whitty, the researcher, said it was necessary for employers to "be cautious when it comes to protecting confidential data".

Two years later, a small change began to appear when some workers surveyed indicated they would like employers to take greater control of some areas of online activity. A quarter of those surveyed said they would take legal action against their employers in the case of a colleague not being stopped from accessing pornographic material on his or her work PC.

One way to protect office data is through encryption, which despite its availability has been slow to catch on. Investments in anti spam technologies, have not delivered the return some IT departments had hoped.

Part of the problem is that hackers are continually developing the sophistication of their attacks and phishing is widespread. But it is increasingly clear to employers that they must demonstrate to their staff that they too must act responsibly with data and work technology.