In their 4th annual security benchmark study, Committing to Security - A CompTIA Analysis of IT Security and the Workforce, the Computing Technology Industry Association reports that "Security software has become more capable and pervasive, and is able to detect attacks that may have gone unnoticed for long periods in the past. Many seem to believe that these fully automated solutions are able to turn back nearly all attacks. This led to the emergence of a fair degree of complacency in 2005. Unless countered, this complacency could leave significant vulnerabilities open to the twisted innovation that hackers are rightfully notorious for. The fact remains that no software solution or automated response can match the security offered by training and mass awareness of security issues in the workplace."
Just under half the organizations surveyed say they have already implemented, or plan to implement, security awareness training, despite the fact that "there is a widespread recognition (84%) that it has resulted in a lower number of major security breaches".
The full report is available to CompTIA members.
More security awareness links and a white paper on the value of security awareness