More than 70% of top US companies are increasing their security budgets to meet regulatory and audit compliance requirements, echoing their UK counterparts.
A survey of 147 IT managers at Fortune 1,000 companies by US consultancy TheInfoPro (TIP) found that most of the compliance spending went on policy and process changes, followed by new software and encryption technologies, according to.
The results indicate that compliance has become one of the biggest drivers of security spending in corporate America, said Bill Trussell, managing director of TIP's security sector.
The findings echo research on UK security spending. A survey by Point Topic, published in October, found that UK firms were spending £1.8bn a year on security, with compliance a key driver for spending by larger enterprises.
And a September study of UK finance firms by PMP Research found that almost half had overshot their budgets in a bid to meet compliance requirements, while two-fifths expected to increase their spending to cope with legal requirements including the Markets in Financial Instruments Directive (Mifid) and Solvency II.
TIP’s Trussell said information security actions were “centred around meeting audit standards or regulatory requirements” at most large companies, a trend that cut across industries.
Growing concerns about the consequences stemming from data breaches and data losses were fuelling the spending increases, he added.
“Current overall compliance budget increases now exist in 70% of the Fortune 1,000-sized organisations that TIP interviews,” Trussell said. “It is rare to see such a large influencer in the information security marketplace.”
The PCI standards (https://www.pcisecuritystandards.org/about/index.htm) covering payment account data are a big driver of increased compliance efforts, with 62% of the respondents in the TIP survey saying they had plans to implement PCI-related processes and systems this year.