Web 2.0 has made its way into a preponderance of enterprises, but most companies still aren’t adequately protecting themselves from Web 2.0-related threats, according to new research by Forrester Consulting.

Ninety-seven percent of the 153 IT pros surveyed said they considered themselves prepared to handle security threats posed by blogs, wikis and other Web 2.0 technologies, yet 79% still reported suffering frequent malware attacks. That’s because, or so says the survey, less than 5% have “comprehensive” Web 2.0 security plans in place.

The problems with these findings, as I see it, are that the study doesn’t say what percentage of malware attacks were actually related to Web 2.0 (as far as we know, most of the attacks could have been due to more traditional IT threats) and it doesn’t explain just what makes a Web 2.0 threat different from a conventional IT threat. I’ve sent an email to the PR guy to get some clarification on this and I’ll update you if I hear back.

The one interesting, though incongruous, finding of the study, which was sponsored by security vendor Secure Computing, is that 96% of respondents said their enterprise has already found value in using Web 2.0 applications, but 57% believe denying employees access to social-networking and “rich media” sites would “visibly” increase productivity. So most IT pros see the potential value of Web 2.0 technologies but aren’t sure its positives outweigh its negatives.

The study concludes that IT departments need to re-examine security policies and update them to take Web 2.0 into account, and should educate users about what is and what isn’t responsible Web 2.0 behavior. Sounds like good advice to me.