2007 was a difficult year for IT security chiefs, with the media keen to report how organisations had failed to protect customer data through poor system implementations or slack human process.

Last March, for example, hackers half-inched the payment card details of more than 45 million TK Maxx customers. Later on in the year, misplaced disks at HM Revenue and Customs placed 25 million people at risk of identity theft.

Such problems and dangers - and the inevitable effect that data leak can have on an organisation's public profile - would surely make IT security a key spending priority? Apparently not, according to consultant Deloitte.

Only 5 per cent of technology, media and telecommunications companies increased their security investment by 15 per cent or more last year. Half of firms allocated less than 3 per cent of their IT budget to security.

Hackers breaking down defences, workers losing information and organisations failing to firm up security - talk about mixed-up priorities, especially as the research also shows just 7 per cent of companies believe they are prepared for future security threats. Other findings from the research include:

• Only 38 per cent of companies believe their organisation has all the skills and capabilities to respond effectively and efficiently to security challenges
• A third (36 per cent) of organisations do not track losses of customer data at all
• Even fewer firms (32 per cent) have performed an inventory of personal information

Maybe firms believe personal data is devalued and the risk of playing fast and loose with customer information is overplayed?

Security specialist Symantec recently found there is a global underworld of criminal organisations selling stolen information. UK-based credit cards are available from as little as £1.03, and full identities – US bank account, credit card, date of birth and government-issued identification number – can be bought for just £7.22.

As Paul B. commented on this blog: "Is the information so abundant that the criminals don't need to charge higher prices? Scary." Indeed it is - but two simple facts should help re-set the balance:

• Last July, it was revealed that the Information Commissioner’s Office (ICO) received almost 24,000 enquiries and complaints concerning personal information during the previous twelve months
• Identity theft, meanwhile, costs the UK economy more than £1.7bn per year, according to the UK’s fraud prevention service Cifas

Such figures help illustrates that investing in security has never seemed more worthwhile, despite the apparent low spending priorities of the business.