A large proportion of UK businesses are ignoring security on wireless networks, VoIP services and USB Flash drives, according to a recent report from the National Computing Centre (NCC).

The annual Benchmark of IT Strategy 2007 report reveals that 40 per cent of respondents have either not secured, or only partially secured, their wireless networks, while 15 per cent of companies have not implemented VoIP security.

Three-quarters of companies recognise that USB storage devices present a security risk, yet only 11 per cent have any kind of security system in place to govern their use on the corporate network.

It is frequently stated that security is a management, rather than a technical, issue but this truism has had little impact on the companies in the NCC report.

A quarter of respondents indicated that formal security training for end-users was 'not relevant' or 'not considered', and fewer than half had implemented security training for users.

However, high-profile cases of data loss from laptops have made more of an impression; some 20 per cent of respondents have implemented laptop security and over 20 per cent plan to do so.

The report added that UK companies spend on average 3.3 per cent of their IT budgets on security, but much of this is focused on virus protection, firewalls and spam blocking.