CSI Survey Indicates An Even Greater Concern for Proper Security Awareness Training

The Computer Security Institute (CSI) released the 14^th edition of its annual CSI Computer Crime and Security Survey in December 2009. Insight was gathered from 443 US-based respondents across both public and private sectors.

While respondents indicated they were not extremely happy about any of the technologies being currently used, they did feel that there is still a lack of a comprehensive solution for monitoring and measuring what is going on.

Respondents also expressed even greater concern over a perceived lack of proper security awareness training for users at endpoints. An amazing 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well.