(MSPAlliance) – Friday, April 28, 2006 – Employee-caused security breaches due to phishing and spam are rising, but many companies provide no security training for corporate end-users. The annual survey from the Computing Technology Industry Association showed that internal human error was the single largest cause of security breaches.
Human error was the cause of 59.2 percent of data breaches in 2005 among companies surveyed, up sharply from 47.1 in 2004. Companies reported suffering an average cost of $11,000 the last time a security breach occurred, while some reported a cost of more than $50,000.
The most severe security breaches occur for larger businesses and educational institutions, but business IT security policies are more aggressive than educational ones. About two-thirds of those surveyed reported that worms and viruses remained a security concern, while listing browsed-based attacks, remote-access vulnerabilities and wireless-networking security as other top concerns.
However, only 36 percent of companies required end-user security training. Of those that do require the training, 47 percent reported that the training ran for an hour or less, while 84 percent reported fewer security breaches after implementing the training. At an average cost of $5,000 for the training and $11,000 for a security breach, it is easy to see the long-term value in end-user IT security training.