Human error cause of most IT security breaches, survey says

Human error is the primary cause of IT security breaches, not technology, according to an annual survey published today by the Computing Technology Industry Association, an Oakbrook Terrace, Ill., trade group.

Eighty-four percent of the nearly 900 organizations surveyed blamed their last major security breach in whole or in part on human error, according to CompTIA. The survey respondents were in the government, IT, financial and education sectors.

In addition, nearly six in 10 organizations said they had at least one major IT security breach in the last six months ? one that resulted in the loss of confidential information or interrupted business operations. A year ago, 38 percent of organizations reported at least one major IT security breach in the same time period, according to the study.

However, survey respondents said training and certification have significantly improved their IT security. The study found that organizations with at least 25 percent of their IT staff trained in security are less likely to have had a departmental security breach than those with fewer staff trained in IT security.

The benefits of training and certification are improved risk identification, improved security measures and faster response to problems, the study found.

"The findings underscore the fact that security and human capital, more so than security and technology, should be given the highest priority by all organizations," said John Venator, president and chief executive officer of CompTIA.

The survey was conducted for CompTIA by Palo Alto, Calif.-based TNS Prognostics.