Security Conforms To Regulatory Compliance - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance
News
8/26/2005
02:30 PM
50%
50%

Security Conforms To Regulatory Compliance

Business-technology professionals spend nearly one day a week dealing with industry- and government-related issues, according to InformationWeek Research. AMR Research expects compliance-related spending to hit nearly $15.5 billion this year. The cost for a typical company is estimated at approximately $500,000.

chart: Added Pressure --Are government regulations pressuring your company towared a more-structured approach to information security?Regulatory compliance is influencing security practices. Of the 2,540 U.S. business-technology and security professionals who recently participated in our 2005 Global Information Security Survey, an editorial research product of InformationWeek and management-consulting and technology-services company Accenture, more than half report that government regulations have pressured their company to adopt a more-structured approach to information security.

"Implementing integrated security technology--such as a centralized identity- and access-management system--can significantly improve controls to prevent unauthorized access to electronic data and makes it easier for companies to comply with stringent regulatory requirements and other recently enacted laws," says Alastair MacWillson, partner in charge of Accenture's global security practice.

Approximately 30% of sites we surveyed report that their compliance efforts have resulted in positive change, including documentation of internal controls over financial reporting, establishment of a records-retention schedule, and reengineering of existing applications to support compliance efforts. At the same time, more than half of survey participants say regulatory compliance has made their company more cautious in its use of security tools, products, and services. Only 5% of sites report that regulatory compliance expenses are allocated to their security budget.

How has becoming compliant changed your company's security procedures or policies?

Helen D'Antoni,
Senior Editor, Research
[email protected]


Change Makers
Which regulation created adoption of or change in security policies and practices?

Sarbanes-Oxley remains the most-expensive initiative, accounting for 39% of all compliance dollars spent, based on AMR estimates; it's also having the widest impact on security practices.

Two in five companies attribute changes in security practices to Sarbanes-Oxley, while HIPAA has spurred security changes at 30% of sites.

chart: Change Makers -- Which regulation created adoption of or change in security policies and practices?


Compliance Payoffs
What three steps in the past 12 months have proven most beneficial in your company's efforts to achieve regulatory compliance?

Regulatory mandates tend to be data-centric, so it's logical that the most beneficial steps taken in the past 12 months to become compliant are related to data. Nearly half of the 2,540 companies surveyed by InformationWeek and Accenture about their security practices and experiences report that regulatory efforts have resulted in improved document management, while 44% report better storage management.

chart: Compliance Payoffs -- What three steps in the past 12 months have proven most beneficial in your company's efforts to achieve regulatory compliance?


Purchasing Impact
Is regulatory compliance a main catalyst for your company's security-related purchases?

While AMR Research estimates that a typical company will spend approximately $500,000 yearly on compliance-related activities, and a substantial portion will go toward IT initiatives, regulatory compliance has yet to become a major force behind security-related purchases. Only a third of U.S. companies in the 2005 Global Information Security Survey say that achieving compliance is a main catalyst for security-related purchases.

chart: Purchasing Impact -- Is regulatory compliance a main catalyst for your company's security-related purchases?


Compliance Coverage
Which budget at your company covers regulatory compliance expenses?

Technology spending is a major part of compliance investment, ranging from 28% of overall Sarbanes-Oxley spending to 42% of overall Health Insurance Portability and Accountability Act spending, according to AMR Research. "Security and compliance need to be viewed as key components of the overall IT strategy," says Accenture's Alastair MacWillson. "Doing so will spur business improvement and technology innovation." For most businesses surveyed--40%--the type of expense dictates to which budget compliance costs are applied.

chart: Compliance Coverage -- Which budget at your company covers regulatory compliance expenses?
























More stories on InformationWeek Research's
U.S. Information Security Survey 2005


  • The Threats Get Nastier

  • Sidebar: A New Type Of Worm

  • Sidebar: Source Of The Problem

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices























  • We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Print  | 
    More Insights
    2021 State of ITOps and SecOps Report
    2021 State of ITOps and SecOps Report
    This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
    InformationWeek Is Getting an Upgrade!

    Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

    Slideshows
    10 Things Your Artificial Intelligence Initiative Needs to Succeed
    Lisa Morgan, Freelance Writer,  4/20/2021
    News
    Tech Spending Climbs as Digital Business Initiatives Grow
    Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
    Commentary
    Optimizing the CIO and CFO Relationship
    Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
    Register for InformationWeek Newsletters
    Video
    Current Issue
    Planning Your Digital Transformation Roadmap
    Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
    White Papers
    Slideshows
    Twitter Feed
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
    Sponsored Video
    Flash Poll