Employers are failing to invest adequately in training for their IT security staff, a survey of IT security professionals by IT training association Comptia has revealed.
The research, based on interviews with 100 senior IT security professionals, found that 20% do not believe they have adequate training for their role.
And when companies do provide training, they are investing in senior IT staff, rather than the junior staff who would benefit more from training programmes, the IT security professionals surveyed said.
Fifty per cent of those surveyed said the most junior members of staff would benefit from training more than senior staff, but nearly 40% said their employers focused their training programmes on senior security staff.
"I think a lot of the complaints we hear are because IT training is targeted at the wrong level. It tends to be targeted at a CIO level. We need to raise awareness at the very bottom of the skills pyramid, not the top. Those guys who set up users and install firewalls are the ones that need the training," said Matthew Poyiadgi, Comptia's regional director for Europe.
Sixty per cent of the security professionals surveyed said the lack of investment in training meant that their employers were wasting the money they had spent on better security.
"The network engineers and the system administrators are not aware. That is the problem. It is the fundamentals of security - things like password control, locking a computer, and having a basic security policy communicated across all staff," he said.
The survey also revealed that most IT security professionals believe their employers should make security training a priority for all of their staff, not just the IT team.
More than 88% said training across all levels of staff in their organisation would improve the effectiveness of IT security. But 61% said their firms had no clear benchmark for doing so.
"Many firms think it will not happen to them. There is a general lack of awareness that is remarkable. When they have their fingers burned, they realise that it is people further down the ladder that need to be trained," said Poyiadgi.
Comptia, which has 22,000 members, including Vodafone, Computacenter and BT, develops IT qualifications taught in universities and colleges for people starting out in IT management.