The number of companies that require IT security certification increased from 2006 to 2008, according to a recent study by the Computing Technology Industry Association.

Thirty-two percent of companies reported requiring IT security certification last year, compared with just 20% in 2006, CompTIA said. The group's Seventh Annual IT Security Trends in the Workforce study, published last week, found that 87% of respondents believe that security improves with training for non-IT employees by increasing awareness and risk identification.

Hugo Lueders, a public policy director with CompTIA, said that the report shows that companies "are finally taking training seriously.

"Most respondents feel that IT security certification for IT staff improves security, especially through risk identification and quick response to security issues," he said in a statement released Tuesday. "Many organizations have made significant progress in dealing with security issues, but the number and types of threats have increased in step." Lueders said that many of the most severe security breaches are unintentional and a result of human error.

"This demonstrates a need for more employee trainings and deeper knowledge of technology functions," he said.

The study, which reflects responses from more than 1,000 IT employees, found that security concerns are relatively constant. The top issues are spyware, virus and worm attacks, and lack of user awareness. Most respondents said that security threats increased for browser-based attacks, the use of handheld devices, and VoIP.

InformationWeek has published an in-depth report on the current state of IT salaries. Download the report here (registration required).