A typical company with 3,000 employees spends $2 million to $7 million combating spam each year, according to research firm Gartner.

One of the fastest-growing Internet threats, spyware, is expected to drive these costs even higher. Research firm IDC expects anti-spyware spending to climb from $31 million in 2004 to $305 million by 2008.

Few of the business-technology professionals surveyed in InformationWeek Research's Triple Threat: Spam, Spyware, And Adware survey say that spyware would be less of a problem if employees took the time to thoroughly read user agreements.

Of the 400 survey participants who are responsible for their companies' networks or E-mail applications, or are involved in selecting anti-spam and content-filtering software, three in five say that spyware still would be a menace even if employees read their user agreements more carefully. Respondents at companies of all sizes express the same opinion.

What companies are doing to combat spyware is educating workers about the danger of the threat. Two-thirds of sites are teaching employees about the possible risk that free games, unauthorized software, or opening E-mail attachments can pose to company security and productivity. Anti-spyware education is a wide-scale initiative, too.

Of the study's 193 companies with annual revenue of less than $100 million, three in five are fighting spyware with employee education. Two-thirds of midsize companies also are providing training in spyware prevention. And among the study's 84 sites with annual revenue of $1 billion or more, 61% say anti-spyware education is being used.

Not many companies have implemented policies that prohibit the downloading of programs except by authorized personnel. Only two in five of the full 400 sites surveyed have such a policy.