Businesses Suffer From Lack of Security Awareness

More than half of organizations slow to act against IT security threats, according to findings of a new study released today. The study reveals that a large discrepancy exists between the information technology security and that businesses say they need and the level of education and prevention occurring within these organizations.

The third annual CompTIA study on IT Security found that even with the heightened awareness of the threat IT security breaches can have on businesses nearly 50 percent of organizations experienced a major IT security breach – defined as one that results in the loss of confidential information or interrupts business – and did not take all the steps necessary to protect themselves.

The study highlights the following topics: over 50 percent of businesses do not have written IT security policies, two percent have no plans to implement security awareness training for their employees, 66 percent have no plans to hire IT security personnel in the next year, 27 percent require IT security training, 80 percent blame “Human Error” for security breaches, 89 percent believe that major security breaches have been reduced as a result of IT security training and certification.

"Security assurance continues to depend on human actions and knowledge as much, if not more so, than it does on technological advances," said Brian McCarthy, chief operating officer, CompTIA. "Organizations are relying on the Internet more than ever before, making the storage and housing of personal account information and proprietary data even more vulnerable to identity theft and data corruption. This is especially true for large organizations with multiple points of vulnerability and thousands of employees."

"To be truly effective in preventing and combating security threats, organizations need to take further steps by spreading security awareness and knowledge from a select group of IT staff to larger portions of their employee base," McCarthy said.