Human error is to blame for 84 per cent of IT security breaches, according to a survey of more than 900 organisations.

In its second annual study of IT security and the workforce, the Computing Technology Industry Association (CompTIA) also found that only 51 per cent of organisations have a written IT security policy.

The proportion of businesses citing human error as wholly or partly to blame for their last security breach was considerably higher than last year's figure of 63 per cent.

This is despite a higher level of awareness of security threats and greater spending on preventative measures among those surveyed.

The study also reveals an increase in the number of companies suffering serious security breaches.

Nearly six out of 10 respondents said they had experienced a major incident in the last six months, defined as one that resulted in the loss of confidential information or interrupted business operations. This compares to just 38 per cent of organisations last year.

Brian McCarthy, chief operating officer at CompTIA, said: "People aren't allowed to drive a car without a licence. Well, there are a lot more drivers on the information highway today and that means the opportunity for accidents is a lot greater.

"Organisations should be giving staff the foundational knowledge they need to avoid security breaches."

Eight out of 10 respondents that had invested in staff security training said their security had improved as a result. Seven out of 10 investing in staff certification also noted improvements.

John Venator, president and chief executive officer of CompTIA, said: "The findings underscore the fact that security and human capital, more so than security and technology, should be given the highest priority by all organisations."

In related news the Human Firewall Council, a consortium formed in 2001 to highlight the importance of people to effective IT security, has launched a free online tool that allows organisations to benchmark their security management practices against international standards and those of their peers.

The Security Management Index is based on ISO 17799 standards for best practice across 10 critical areas of security.