A new study says companies are lagging seriously behind when it comes to protecting themselves from new threats in the Web 2.0 world. While Web-based threats have become more common in recent years, businesses are still focused on e-mail threats, according to the research.The study, which was released Wednesday by Colorado-based security software vendor Webroot, found three out of 10 organizations have seen their businesses' Web security compromised by employees using personal Web mail accounts, visiting social networking sites and downloading videos. Webroot surveyed 648 organizations in the US, UK, Australia and Canada, and found over a third thought their employees spent at least an hour per day on non-work-related sites. Businesses are taking measures to protect against e-mail-based threats, but they are not yet attuned to the greatest threat vector today: Web-based threats driven by employee Web use," said Mike Irwin, COO of Webroot, in a release on the finding. "We found that Web-borne malware increased over 500 percent in 2007 as cybercriminals developed new ways to attack on-site and remote employees through personal Web mail accounts, social networking sites and other Web 2.0 applications. In the current threat environment, businesses must utilize a Web security solution that provides an additional layer of in-the-cloud protection for corporate and mobile users."The study notes that 85 percent of malware is now distributed through the Web and cited industry research that shows 49 percent of businesses allow employees unlimited access to social networking sites, which do not monitor their content for malware."Employees and businesses regularly use blogs, Wikis and other online information sources that are more susceptible to hackers and infections because they include content from numerous anonymous contributors, rather than one trusted source," said Irwin. "However, awareness is only just beginning to grow among the IT professionals responsible for protecting these organizations. Nearly 30 percent of the IT decision-makers we surveyed did not know if their organization or its employees are using Web 2.0 applications."Webroot found that lack of knowledge was not for lack of fear. Nearly half the businesses surveyed said they were concerned about data breaches.