One in four workers believe their employer needs to do more to communicate information security policies effectively, with just under two thirds admitting that ignorance or lack of understanding had already led to a security breach.

These are the findings of a survey undertaken among 2,000 office workers across the world by security software provider Clearswift. The study also revealed that, while 74% of respondents claimed to be confident that they understood internet-related policies, a third had received no training since joining the firm, even though 62% of respondents started work there more than five years ago.

Richard Turner, Clearswift’s chief executive, said: “This ignorance and concern is just a hindrance in today’s enterprises. It’s time for companies to get to grips with making a policy a living, breathing part of their business that is relevant to everyday corporate life – not just a tick in the box when it comes to the induction period.”

All too often, policies were simply documents that were referred to when something went wrong, but there was no point having one unless everyone was aware of it and understood why it was necessary, he added.

“Policy, not policing, is the answer to ensure confidence is well placed to tackle the challenges that organisations face,” said Turner.

His statement was backed up by the fact that one in seven workers were unsure whether they were breaching corporate policies, albeit inadvertently, while 17% believed that security policies were more about apportioning blame than protecting important information.