The sheer scale of the security threat presented by employees should not be underestimated.
Either knowingly or unknowingly, employees represent the biggest threat to IT systems or data security, and businesses in the UK are not doing enough about the problem because of a mixture of ignorance, skills shortages and a lack of investment. This is a recipe for reseller intervention.
According to a joint survey conducted by consultant PwC and the Department of Trade and Industry (DTI) on behalf of Microsoft, Entrust and Computer Associates, the problem of security breaches is far from under control.
The DTI Information Security Breaches Survey 2004 found that 74 per cent of all businesses (94 per cent of large firms) have had a security incident in the past year.
Malicious incidents, such as viruses, unauthorised access, misuse of systems, fraud and theft, rose dramatically with 68 per cent of firms (91 per cent of large ones) suffering at least one such incident in the past year. This is a rise of 44 per cent compared with 2002.
It is a shocking statistic, especially when you consider that each serious incident costs on average £10,000 (or £120,000 for large companies) through disruption of business.
Employees have been blamed as the underlying cause of this chaos, for opening unsolicited email, browsing inappropriate web sites and downloading files from peer-to-peer (P2P) networks.
It is not just the DTI that has recognised this pattern either, as the figures are echoed by a number of other reports.
The National Hi-Tech Crime Unit (NHTCU) report from February, for example, followed a survey of 201 large and medium-sized companies, 83 per cent of which said they had experienced some form of high-tech crime last year, such as virus attacks, fraud and criminal use of the internet by employees, costing them more than £195m.
Despite this, only 77 per cent of the companies surveyed carried out regular security audits and only 31 per cent had crisis management teams. Interestingly, the NHTCU noted that although virus reports were high, it is laptop theft that is a greater cost burden to businesses.
Clearswift's annual Spam Monitor poll suggested the lack of knowledge among employees is worsening the spam problem. The need to educate employees on spam and security issues has, the poll says, never been greater, as 22 per cent of those surveyed said they knew of employees who had responded to spam offers.
While most employees don't report spam to the IT department, more than a third of businesses don't have spam policies in place anyway.
Fifty-seven per cent of respondents said their companies' spam policies were either not communicated, or they didn't know if their firms even had any.
So the picture is a gloomy one, and it is no surprise there is a widespread call from security companies and analysts for security to be taken more seriously at boardroom level.
As file sharing and instant messaging (IM) increase, this desire for top-level action is becoming more acute. The belief is that no one has really grasped the enormity of the problem - and this is the channel's big chance.
"There is a great opportunity for resellers," says Dave Ellis, director of e-security at distributor Unipalm.
"Smart resellers are offering businesses a health check and offering customers reports and analysis on current security breaches.
"It's a 'try before you buy' approach, and if it proves to be successful the businesses are more than likely to buy the products and either manage them themselves or outsource the upkeep."
The suggestion that resellers should look to offer health checks and provide managed security services is an increasingly common one. Products from companies such as BlueCoat and Check Point enable resellers to 'sit' on the customer's network and monitor unscrupulous traffic.
Ubizen, which partners with both these companies and a host of others, is a managed security services provider and has made a whole business out of providing services to under-skilled corporations.
The key for resellers is to identify the potential market and pull together the necessary resources to service it on an ongoing basis.
"A key opportunity for resellers is in providing managed services," says Manny Pinon, sales and marketing director at Norwood Adam. "But there are still some big challenges. Keeping pace with a market that is evolving constantly is not easy, and few resellers have managed this successfully so far."
Norwood Adam has its own managed service, called Prism, that its resellers sell on to their customers. It is aimed at SMEs and consists of anti-virus protection, a firewall for content and URL filtering and 24-hour support.
Companies pay a monthly subscription of £95. But how do resellers keep up to speed with the constant external and internal threats?
This is a tricky one. Pinon believes resellers need to invest time and effort here so that any policies that have been implemented are not too static. Companies such as Ubizen have a dedicated team of experts that monitor the market, and new external threats in particular.
The key here for resellers is focus. Targeting local SMEs, for example, should be about stopping staff from increasing the risk of virus infection by regulating web browsing, spam filtering and non-work-related file sharing.
One of the best ways for resellers to organise their customers is by implementing and managing a security policy. There is a standard (ISO17799) that can help in the formulation of a policy, but it is important to also provide a little common sense.
Businesses should be thinking not just about data security but also about physical security.
According to Peter Goodenough, UK managing director of security supplier HI SEC International, the statistics from the NHTCU show that the security problem is not just about high-profile cases of worm and virus intrusion.
Physical security such as laptop theft also has to be taken extremely seriously, especially as the cost implications can be greater.