Compliance biggest driver of security spending, survey says

More than 70% of Fortune 1,000 companies are boosting security budgets

More than 70% of Fortune 1,000 companies are increasing their security budgets to implement new systems and processes for meeting regulatory and audit compliance requirements.

A majority of the compliance-related spending is on policy and process changes, followed by software purchases and encryption technologies, according to a survey of 147 IT managers at Fortune 1,000 companies by TheInfoPro Inc. (TIP), a New York-based consultancy. The results indicate that compliance has become one of the biggest drivers of security spending in corporate America, said Bill Trussell, managing director of TIP's security sector.

"Information security actions are centered around meeting audit standards or regulatory requirements" at most large companies, Trussell said. It is a trend that cuts across industries, including those not even covered by specific regulations such as the Health Insurance Portability and Accountability Act and the Payment Card Industry (PCI) data security standard, he said. Fueling the spending increases are growing concerns about the consequences stemming from data breaches and data losses, Trussell said.

"Current overall compliance budget increases now exist in 70% of the Fortune 1,000 sized organizations that TIP interviews," Trussell said. "It is rare to see such a large influencer in the information security marketplace," he added.

One of the big drivers of compliance efforts appears to be PCI, with 62% of the respondents in the TIP survey saying they have plans to implement PCI-related processes and systems this year.

The TIP survey results appear to bolster other reports that suggest an overall increase in security spending this year. A January report from Cambridge, Mass.-based Forrester Research Inc., for instance, estimated that most companies will spend between 7.5% and 9% of their IT budgets on security, regardless of their size, geography or industry.

According to Forrester, the uniformity in spending patterns arises from the growing maturity of information security practices and the solidification of security within IT operations. The continuing shift from a purely strategic IT-centric security model to a more strategic business-focused one is also driving the need for more investments in processes and tools, Forrester noted.

Copyright © 2007 IDG Communications, Inc.
