
GSS reckons that the cost to UK Plc is close to £6.5bn a year in lost productivity and extra demand on network bandwidth.
"Social networking sites are now integral to the way that many of the latest and youngest recruits into the workforce communicate and work," said David Hobson, managing director of GSS.
"So, for some sectors, social networking sites may have a part to play in terms of competitive advantage or for research or as a marketing tool."
A recent meeting of 20 chief information security officers held by Infosecurity Europe found that one of the biggest IT concerns is how to manage social networking sites at work.
Most executives estimated that between 15 and 20 per cent of current bandwidth is taken up with social networking sites, and that the best move for many companies is to ban these sites altogether.
"It would appear that most chief information security officers and IT directors loathe social networking sites and would ban them completely if they had their way," said Claire Sellick, event director for Infosecurity Europe.
"But what is also coming across is that HR departments actually welcome the use of these sites, so there is a lot of internal pushing and shoving between HR and IT over how best to manage these sites."
Some commentators have pointed out that most employees who spend excessive amounts of time on sites like Facebook and MySpace will simply find another way to waste time if access is cut off, thereby negating the productivity boost.
"It comes down to a fine balancing act, and mostly a case of introducing a 'reasonable use' policy," said Hobson.
"But there are serious security implications associated with social networking. Hackers and extortionists are worming their way into these sites and extracting all sorts of information on members.
"Our advice to anyone using these sites is to give as little personal information away as possible."
David Lacey, a member of the British Computer Society Security Forum Strategic Panel, warned that lost productivity is the "tip of the iceberg".
"The threat of social engineering to hijack sensitive information is real and growing," he said.
"Current acceptable use policies are far from acceptable. They are poorly written, maintained, communicated and enforced."