More than one third (37%) of IT directors say their company has experienced data leakage or data theft in the last 12 months, and more than 80% of IT directors see internal security threats as being more significant than malicious hacks.

These are the findings of a report by Secure Computing Corporation, which uncovers rising concern about insider threats – presumably in the wake of high-profile public- and private-sector data losses in the last year. Despite the once traditional view of security threats being the domain of 'black hat' hackers, IT directors offered their widespread acknowledgement of being unprepared for Web-based attacks. Less than one in five respondents (17 per cent) feel that external threats are more dangerous.

With 37% of respondents reporting data theft or leakage in the past 12 months, internal security is at the top of IT Directors’ shopping lists when respondents were asked to rank potential future investments that included perimeter security, staff mobility and network performance.

The report found that email remains the enterprise Achilles heel, cited by 34 percent of respondents as a significant security threat. Interestingly, Voice over IP (VoIP) comes second, cited by one quarter of the directors surveyed.

The biggest budgets will be spent on strengthening internal security, with 35 percent of IT Directors identifying it as their priority planned investment. Surprisingly, considering the global downturn in the economy, 'IT asset management for cost savings' is the lowest priority.