Most government departments do not have a specific IT security training budget, a Freedom of Information (FOI)...
request has revealed.
Only one in nine government departments that responded to the FOI request from Firebrand Training said it had a specific budget for training staff in IT security.
The Ministry of Transport said it had allocated £106,000 for IT security training for 2008/9, but reported a reduced overall IT staff training budget on the year before.
The Ministry of Justice, which admitted in August 2008 that it lost the personal details of 45,000 people in the previous year, is among those with no specific IT security budget.
Despite the number of high-profile public sector data breaches in 2008, most government departments have a general budget to cover all IT training.
But, two departments said they had no IT staff training budget, four said the budget was reduced from the previous year and only four reported an increased budget.
The lack of a specific IT security training budget means that this is often neglected as organisations look to cut costs or delay spending wherever they can.
This approach is short-sighted, according to Robert Chapman, chief executive of Firebrand Training.
"Training people is about improving their effectiveness and if they do not understand how to protect against security threats, the risk of exposure is much higher," he said.
Cyber-criminals continue to develop increasingly sophisticated ways of stealing sensitive information for gain, according to a slew of IT security reports.
Public and private organisations cannot afford to stand still and need to continually update employees on best practice in IT security, said Chapman.
"The FOI results reveal fundamentally broken thinking in government departments. They are relying on policy and procedure without educating IT users," he said.
According to Chapman, failure to train users of data on how to limit the risks will continue to expose government departments to potentially catastrophic data breaches.