OK, the headline is misleading, the UK survey, carried out by AVG, suggests that 52% of 'Small Firms' have no security policy for their staff.
That's still disappointing although not suprising.
It's disappointing as it takes very little effort to produce a basic policy document, without which the employees of the organisation are pretty much given free reign to take whatever actions they see fit. This may engender a culture of achiving the organisational goals but it exposes the organisation to risks of software piracy, copyright infringements and malware. When users of a system are given such freedom, it is often the organisation that is held accountable (and liable) when the proverbial hits the fan.
There is a very high chance that some of these organisations are processing personal information which makes this even more worrysome. Data protection Act, anyone?