What is the leading cause of cybercrime? Bad guys. How? They take advantage of Microsoft's security holes. Why? Because they can.

That's what many people believe. However, a significant percentage of cybercrime is actually the fault of the very companies that want to protect themselves. Many companies make timid, awkward and ineffective attempts at teaching their staff about company security policies. This occurs because most corporate security policies are boring, unintelligible tomes. Ergo: No one pays attention to them.

I spend a lot of time helping companies get their security message across to their employees. But I don't know of one employee at any company who cares one iota that "our policy is designed to take maximum advantage of our internal IT skills, protect our operating environment and prosecute offenders to the maximum extent of the law."

Instead, I've found that employees care - and listen - if you educate them about protecting themselves from cyberstalkers, their kids from predators and their families from fraud.

Consider the following, gleaned from a variety of authorities, including Gartner, Forrester Research and the Federal Trade Commission:

• Cybercrime costs the global economy $1.6 trillion annually. Six million children have been solicited online for sex in the past year. Which statistic is more important to working moms and dads?

• The indirect losses to a company from intellectual property theft are 10 times as great as the direct loss itself. Every minute 13.3 people have their identity stolen, each taking up to 600 hours and several years to repair. Which figure is more compelling to office workers?

• Eighty-nine percent of all companies have had their Web site hacked. At any one time, 1 million American women are being cyberstalked. Which statistic gets your attention?

• There are 42 million domains on the Internet. The annual U.S. revenue from pornography ($12 billion) is almost twice as big as the combined revenues of ABC, CBS and NBC ($6.2 billion). Which number makes you think twice?

Should workers care that viruses cost industry $55 billion in 2003 (double the amount in 2002) or that a computer virus/worm/spyware in their home computer can lead to instantaneous identity theft? Should we tell workers that the office is a porn-free zone, or that 2.8 billion pornography spam-mails are sent every day, and 80% of 15- to 17-year-olds have had multiple hard-core exposures? While conscientious workers care about how cybercrime affects their companies, they're more concerned about how it might affect their families