New data suggests IT professionals from UK organisations believe they have sufficient budgets for IT security, and those budgets are growing for many organisations.
According to a new research report from the Computing Technology Industry Association (CompTIA) on security trends and IT spending, 2012 should be a year of ample security budgets, but scarce security staffing.
CompTIA, a non-profit industry association that also provides testing for professional security certifications, collected data in an online survey of 1,183 IT and business executives directly responsible for information security in their organisations. The countries covered were Brazil, India, Japan, South Africa, the UK and the US. CompTIA published its 8th Annual Trends in Information Security report (available only to CompTIA members) last month, and recently discussed the UK-specific findings with SearchSecurity.co.UK.
CompTIA found that 83% of UK organisations will make security a higher priority in their 2012 IT budget, compared to last year. Two-thirds of UK managers have sufficient budgets to keep their organisations secure, and they plan to spend that budget on tightening their security policies and dodging malware.
Of the 200 UK executives who responded to CompTIA’s survey, 69% expected their IT budgets to rise this year, and 83% said security would receive some of that increased funding. At the same time, 34% of UK respondents said their security projects were held back by a lack of budget or lack of support for new security investments.
Respondents expressed concern about finding and hiring trained security professionals. In the UK, 42% said they had encountered difficulties in hiring security specialists in the past year. The picture was similar in the other countries, with only Japan reporting an easier time finding skilled security pros.
When asked about security breaches, one-third of UK respondents said they had experienced a confirmed security breach in the last 12 months, and another third said they had probably suffered a breach. Of those, 54% were attributed to human error, and respondents said human error was increasingly becoming a problem. More than half of the respondents blamed the breaches on IT staff failing to follow policies and procedures.
Tim Herbert, vice president of research at CompTIA, said security people need to pay more attention to the problem of human error among users. “The default position for a lot of security professionals continues to be to throw more technology at the problem,” he said. “That is an important component of the solution, but if you under-invest in the policy component and the training component, you’ll leave yourself vulnerable.”