May 04, 2009, 10:46 AM — More companies are requiring IT security certification, according to research released recently by the Computing Technology Industry Association (CompTIA). (Check out CSO's certification directory)
In its 7th Annual IT Security Trends in the Workforce study, CompTIA found that the number of organizations where IT security certification is required has increased by half and is continuing to grow, particularly for current employees. The research found 32 percent of employees were required to have certifications in 2008, compared to 20 percent in 2006. CompTIA, an organization that provides education and offers certifications itself, said it surveyed more than 1,000 IT employees for the research.
Hugo Lueders, senior director public policy EMEA of CompTIA, said the results are proof that employers are taking training seriously.
"Most respondents feel that IT security certification for IT staff improves security, especially through risk identification and quick response to security issues," he said in a statement. "The primary cause for the most severe security breaches remains unintentional in nature and typically caused by human error. This demonstrates a need for more employee trainings and deeper knowledge of technology functions."
Almost all respondents, 87 percent, agreed that security improved when their organizations provided training for non-IT employees, according to CompTIA, which pointed to increased awareness and proactive risk identification as reasons for the progress.
The study found that security issues remained largely consistent with previous years. Spyware, virus/worm and lack of user awareness were the most common issues. Security threats from browser-based attacks, use of handheld devices and VoIP intensified for the majority of respondents.