U.S. Businesses Underfund Security Training

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

BLOG: U.S. businesses spend the least amount of money on security awareness and certification training than businesses in other mature and emerging markets, according to a new report by CompTIA. These same businesses are also suffering more breaches and increases costs related to security incidents. The message is clear: businesses need help in raising the level of security awareness.

How pervasive are security breaches? According to the CompTIA 7th Annual Security Research Study, 38 percent of businesses in the United States suffered at least one or more serious security breaches in 2008, and the average number per business topped at least one incident per year.

The fact that one in four businesses reported a serious security breach should be surprising; surprising in the sense that it should be a much larger number. But businesses tend to underreport security incidences, especially if there’s a potentially negative impact on their reputation or could result in regulatory penalties. On a scale of 1 to 10, the average severity of the most serious security breaches last year is 5.94 and result in an average cost of $74,000.

What is the most prevalent cause of these breaches? Of course, we want to say clever hackers, more potent and voluminous malware, and ubiquitous botnets as the root case. The reality is hapless humans who either are ignorant to what they’re doing or naively operate applications and devices without a care of risks, according to the CompTIA study. For the past two years, the number of breaches caused by either human error alone or a combination of human error and technical malfunction accounted for roughly six out of 10 incidents, the study concludes.

>> Click here to read the full blog entry

Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...