This is despite the fact that 26% of firms regard corporate governance as the most important factor driving security spending, the survey of 280 security and compliance managers has revealed.
The findings suggested that many organisations are approaching compliance in an ad-hoc, rather than a systematic way, said Netegrity which commissioned the research.
The survey found that 55% of organisations were not aware of the Companies Bill, which will have a similar effect in the UK as the US corporate governance Sarbanes-Oxley regulations.
A third said they had no budget to meet Sarbanes-Oxley, another third were spending less than £50,000 and only 8% more than £1m.
Nearly three quarters said they were not sure whether they would receive accreditation for their internal controls under Sarbanes Oxley and 13% said it was unlikely.
About half said they expected their investments in compliance to be comparable to their Y2K spending, and just over half said they were confident of meeting deadlines for the legislation.
About 80% said their spending would increase in 2005. Enabling access for business partners, customers and employers, and demand for greater efficiency are driving spending alongside compliance.