The purpose of this paper was to identify ICT security measures and to assess the level of ICT security in small, medium and large enterprises in spatial terms. The measures in the ICT security area were identified based on secondary data of European Union member states retrieved from the Eurostat database. The research used the CCR Date Envelopment Analysis (CCR-DEA) model to meet the research purpose.The research identifies countries where ICT security results were achieved with the optimum

more »

... mbination of expenditures, i.e. the so-called fully efficient countries. The authors demonstrate that the countries participating in the optimal shared technology are aligned to non-fully efficient countries and they can achieve their results at lower expenditures. In the optimal technologies of all non-fully efficient countries the volume of the achieved results of enterprises is slightly higher than the actual volume. Research conducted in the area of enterprise ICT security rarely focuses on the efficiency of actions undertaken. The authors of this paper examine the technical efficiency in the area of enterprise information security in spatial terms and formulate conclusions about enterprises in the EU member states. The application of the expenditure-oriented CCR-DEA model identifies countries that achieve their results fully utilising their expenditures and those that are able to achieve at least the same results as achieved by non-fully efficient countries but at lower expenditures. The technical efficiency analysis of actions undertaken represents the starting point for defining good practices and success factors in the area of ICT security, both at enterprise and country levels.