IT Security: Does it make the Grade?

Straw poll finds IT security a priority in higher education—albeit an underfunded one.

Campus  Briefs

THE 2005 REPORT CARD
Security Element Grade
Administration Priority A–
Faculty Support B
Student Support C–
Administration Support B+
Funding C
Staff Time C
Overall Security Profile B–
While administration and faculty commitment to IT security earned high scores, funding and staff time allocations received lower marks, as did student support. Source: “CDW-G Higher Ed Security Report Card 2005.” Used with permission.

CDW-G has released the results of its informal 2005 sampling of 102 higher education IT professionals on the topic of IT security. In an attempt to understand barriers to improving IT security on campus, survey questions were designed to gauge levels of support by administration, faculty, and students for IT initiatives, as well as to examine administrative prioritization, staffing, and funding. Researchers assigned “grades” based on participant responses, and CDW-G issued a “report card” for 2005.

A’s and B’s for faculty and administrators. Among the key takeaways from the brief study is that IT security is not “counter to the culture” in higher education: 69 percent of respondents characterized it as a top or very high priority for administrators, 73 percent said that faculty support security policies, and 87 percent reported that security policies are supported by their executive administration. Clearly, IT security makes the grade as a priority in higher education institutions.

Funding, staffing, and students get C’s or lower. Despite the priority recognition of IT security on campus, lack of funding is a significant barrier to improving security—identified by 50 percent of respondents as their biggest barrier. And the organizational resource picture looks even worse when coupled with scarcity of staff: 12 percent of respondents pointed to “too few staff” as their own institution’s biggest barrier to security gains. The lowest score, the C- given to student support, is in large part attributed to lack of awareness, rather than lack of regard—a situation that’s possibly also related to a need for more staff attention.

For the record. Organizational resource allocation clearly did not match the high priority and recognition given to IT security by higher education IT professionals and faculty in 2005. This year, CDW-G plans to perform a more extensive study, following up on key findings from 2005 data. Will the grades, particularly for funding and staffing, improve?

Featured

  • data professionals in a meeting

    Data Fluency as a Strategic Imperative

    As an institution's highest level of data capabilities, data fluency taps into the agency of technical experts who work together with top-level institutional leadership on issues of strategic importance.

  • stylized AI code and a neural network symbol, paired with glitching code and a red warning triangle

    New Anthropic AI Models Demonstrate Coding Prowess, Behavior Risks

    Anthropic has released Claude Opus 4 and Claude Sonnet 4, its most advanced artificial intelligence models to date, boasting a significant leap in autonomous coding capabilities while simultaneously revealing troubling tendencies toward self-preservation that include attempted blackmail.

  • university building with classical architecture is partially overlaid by a glowing digital brain graphic

    NSF Invests $100 Million in National AI Research Institutes

    The National Science Foundation has announced a $100 million investment in National Artificial Intelligence Research Institutes, part of a broader White House strategy to maintain American leadership as competition with China intensifies.

  • black analog alarm clock sits in front of a digital background featuring a glowing padlock symbol and cybersecurity icons

    The Clock Is Ticking: Higher Education's Big Push Toward CMMC Compliance

    With the United States Department of Defense's Cybersecurity Maturity Model Certification 2.0 framework entering Phase II on Dec. 16, 2025, institutions must develop a cybersecurity posture that's resilient, defensible, and flexible enough to keep up with an evolving threat landscape.