Compliance biggest driver of security spending, survey says

More than 70% of Fortune 1,000 companies are increasing their security budgets to implement new systems and processes for meeting regulatory and audit compliance requirements.

A majority of the compliance-related spending is on policy and process changes, followed by software purchases and encryption technologies, according to a survey of 147 IT managers at Fortune 1,000 companies by TheInfoPro Inc. (TIP), a New York-based consultancy. The results indicate that compliance has become one of the biggest drivers of security spending in corporate America, said Bill Trussell, managing director of TIP's security sector.

"Information security actions are centered around meeting audit standards or regulatory requirements" at most large companies, Trussell said. It is a trend that cuts across industries, including those not even covered by specific regulations such as the Health Insurance Portability and Accountability Act and the Payment Card Industry (PCI) data security standard, he said. Fueling the spending increases are growing concerns about the consequences stemming from data breaches and data losses, Trussell said.

"Current overall compliance budget increases now exist in 70% of the Fortune 1,000 sized organizations that TIP interviews," Trussell said. "It is rare to see such a large influencer in the information security marketplace," he added.