According to the results of the Global Corporate IT Security Risks 2013 [PDF] survey, conducted by Kaspersky Lab and B2B International, 65 percent of companies assign their own tech support department to train employees on IT security, rather than turning to outside consultants or commissioning IT security professionals.

While doing so can overburden corporate IT departments, only 12 percent of respondents reported having turned to a third-party consultant with the requisite training expertise instead. Just 3 percent said they commission an outside corporate training provider.

And 4 percent of survey respondents said their companies don't train their staff in IT security at all.

Still, the survey found that four out of five of the most common internal security incidents in the past 12 months were directly linked to employee actions. 32 percent of respondents reported accidental leakages of confidential data, 30 percent reported employees losing corporate mobile devices with critical data on them, 19 percent of companies reported intentional staff-facilitated data leakages, and 18 percent of companies had dealt with incidents got into the wrong hands due to the improper use of mobile devices.