According to Computer Economics’ 2004 IT Security Study, over two-thirds of medium-size organizations provide periodic IT security training for all employees. The study, which included in-depth interviews with 120 senior IT and business executives, defines medium organizations as having annual revenues ranging from $250 million to $750 million.
Providing IT security training for all personnel can be a very important strategy in minimizing security risks. However, this can also be a costly and time-consuming process and is often tabled due to resource constraints. Despite the cost and resource drain, medium companies are doing a respectable job of providing this important training. As shown in Figure 1, 68.5% of the medium-size companies in our study are executing this strategy on an ongoing basis.
Figure 1: Does Your Organization Provide Periodic IT Security Training for All Personnel? (Medium Companies)
The study reviewed a variety of IT security-related benchmarks, including the number and source of IT security incidents occurring in all companies on an annual basis. In medium companies, the number of incidents directly attributable to employees or other insiders is quite high, clearly indicating that more training and awareness programs are required.
Since over 30% of the medium companies in our study reported they are not executing this strategy on some sort of periodic schedule, these companies could significantly reduce the internal risk by providing this type of training. This training should include the impact these events have on the company economically and competitively, as well as specifically outline the penalties connected with intentionally breaching corporate IT security.
September 2004
Computer Economics’ 2004 IT Security Study is now available. This in-depth study examines security budget trends in several major categories, as well as current IT security practices, incidents, and trends. To order a copy today, contact us at 1-800-326-8100, ext. 51.