I'm not aware of any study, but one could certainly exist. The general best practice is to set the timeout so that it can provide adequate security and not be inconvenient to the user. I would suggest anwhere from 10-20 minutes. An even more critical issue to is train (and require) your users to lock their screens when they leave their PCs. If they're using Windows, that's just a matter of two quick steps: press Ctrl-Alt-Del and Enter (to select the Lock Computer option).
For more more info on this topic, visit these SearchSecurity.com resources:
Dig Deeper on Endpoint protection and client security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.