
CompTIA Research


Summary of “Trends in Information Security: A CompTIA Analysis of IT Security and the Workforce”
Survey Information

About the Study

The annual CompTIA in-depth research study on IT security focuses on identifying key trends in IT security, quantifying current and future spending on IT security, assessing the costs associated with IT security breaches, understanding the causes of IT security breaches and impact of these breaches, and determining the effectiveness of IT security training and certification. More than two thousand IT professionals responsible for security at their organizations answered the questionnaire. Respondents were from the United States, Canada, the United Kingdom, and China and represented a wide range of industries including Education, Financial Services, Government, Healthcare, and IT.

Key Findings

Information security is seen as a key risk among firms, with 80% of US respondents indicating that it is considered top priority by management. Nearly two-thirds of US firms, more than half of UK and Chinese firms, and two-fifths of Canadian firms have implemented written IT security policies.

The most widespread threats in the US today stem from spyware, the lack of user awareness, and virus and worm attacks. Canadian organizations cite riskier browser-based attacks and wireless networking security, while Chinese organizations cite significant threats from spyware, viruses, worms, and browser-based attacks.

The percentage of their IT budget that companies dedicate to security is growing year after year. In the US, companies earmarked 12% of their IT budget in 2007 for security purposes – up from only 7% in 2005. The bulk of these dollars are used to procure security-related technologies.

Companies spend substantial amounts on prevention because security breaches can be costly if they occur. In the past year, US firms shelled out an average of over $200,000 as a result of security breaches, a third of which was attributed to the loss of employee productivity. Moreover, in the last year in the US, Canada and UK, IT staff members spent over 10% of their time dealing with security breaches, and in China, almost 20% of their time.

Nearly 60% of US companies require IT security training for IT staff and more than half make training available to non-IT staff. Companies are also increasingly requiring IT security certification. Nearly 33% of US firms make certification required now compared to only 25% in 2006 and 14% in 2005. However, a full 78% of organizations in China require certification.

Security training has saved US organizations upwards of $2.2 million in total, much of which is due to a reduction of server/network downtime and fewer impacts to employee productivity. Likewise, the provision of IT security certification has saved US companies over $675,000 in total for similar reasons.


Complete reports, white papers and Web poll results are available to CompTIA Corporate Members. The information contained throughout these studies is proprietary to CompTIA. No portion of these studies may be reproduced in any form without the expressed written permission of CompTIA. However, small segments may be quoted if proper citation is made. For more information or if you’re not a member and would like to purchase the report, please contact research@comptia.org.