A recent study showed that security breaches aren't growing in number, but they are more and more severe. It appears that companies have noticed this as well and they are spending more on security technology, training, assessment and certification than they were before.

A study from the Computer Technology Industry Association shows that for most companies 20% of the total technology budget was spent on security-related expenses. This is a significant increase in the money firms pay for security, as they were only spending 15% in 2005 and a measly 12% in 2004.

The survey is pretty relevant, in my opinion, as it has been taken by 1,070 organizations. They also expect to increase spending across all areas related to security in the next 12 months. Nearly one-half of respondents to the CompTIA survey said they intend to increase expenses on security-related technologies; and one-third of respondents expect to increase spending on security training. Among those expecting to increase spending, the average increase is in the range of 19-23 percent, regardless of area.

The study was conducted by TNS (a global market insight and information group) for CompTIA and it even breaks apart every dollar spent on security, explaining which way each cent goes. 42 cents are allocated for technology product purchases; 17 cents for security-related processes; 15 cents for training; 12 cents for assessments; 9 cents for certification; and the balance on other items.

Let's just hope that spending more money on anti-virus software, firewalls and such is going to lead to fewer hacks. But that's not all companies need - many studies have shown that no matter how skilled IT managers are, hackers can still make their way into company computers. And you know why? Because of sloppy employees that have no idea what security is and endanger the whole company network with their actions!