Almost two thirds of firms have no measures to detect internal attacks or to protect against them - leaving systems open to "invisible" hacks, a new study has found.

Of 500 European IT managers questioned by security firm Websense, 60 percent said their company does not have systems in place to guard against internal threats.

"The problem is that it's happening invisibly without IT managers' knowledge," said Websense technical director Mark Murtagh. "They think they have an umbrella of security that will keep them dry but in reality it's full of holes."

Jay Heiser of analyst Gartner said firms should only give staff access to parts of internal networks that are essential to their jobs.

Internal hacking is not the only area being ignored, however. According to the report, 62 percent of firms said they could not block phishing attacks, while 35 percent felt unable to deal with spyware.

Separate research released by security firm SafeNet found that over half of staff write their passwords down. And over a third share their passwords with others.

Rob Ellis of SafeNet said firms could improve security by replacing password systems with tokens or smartcards combined with a PIN.