U.S. Businesses Underfund Security Training
By Lawrence Walsh | Posted 2009-06-10
BLOG: U.S. businesses spend less money on security awareness and certification training than businesses in other mature and emerging markets, according to a new report by CompTIA. These same businesses are also suffering more breaches and increased costs related to security incidents. The message is clear: businesses need help in raising the level of security awareness.
How pervasive are security breaches? According to the CompTIA 7th Annual Security Research Study, 38 percent of businesses in the United States suffered at least one serious security breach in 2008, and the average number per business topped at least one incident per year.
The fact that one in four businesses reported a serious security breach should be surprising; surprising in the sense that it should be a much larger number. But businesses tend to underreport security incidents, especially if there’s a potentially negative impact on their reputation or if reporting could result in regulatory penalties. On a scale of 1 to 10, the average severity of the most serious security breaches last year was 5.94, and they resulted in an average cost of $74,000.
What is the most prevalent cause of these breaches? Of course, we want to name clever hackers, more potent and voluminous malware, and ubiquitous botnets as the root cause. The reality is hapless humans who either are ignorant of what they’re doing or naively operate applications and devices without regard for the risks, according to the CompTIA study. For the past two years, breaches caused by either human error alone or a combination of human error and technical malfunction accounted for roughly six out of 10 incidents, the study concludes.