The welter of compliance regulations, such as Sarbanes-Oxley and the EU's 8th Directive, has toppled worms and viruses as the prime driver for information security, according to accounting firm Ernst & Young's eighth annual security report.
Two-thirds of the 1,300 global companies interviewed put it top of their list of information security concerns, despite it being a bumper year for virus and worm activity.
But companies that view compliance as a distraction are missing an opportunity to embed security into their business. "Compliance is proving to be more of a distraction than a catalyst for information security becoming strategically aligned within organisations," says Edwin Bennett, global director of Ernst & Young's Technology and Security Risk Services.
"One might assume that with the attention information security is receiving due to regulatory compliance, organisations' information security postures are improving and information security as a function is becoming more integral to their strategic initiatives. Unfortunately, this is not happening on a consistent basis."
The study reveals a mismatch between business objectives and security. A commanding 81% of the respondents perceive compliance with corporate policies and procedures as more important than business objectives such as mergers and acquisitions, product launches and delivery.
Only 41% of the companies say they are using compliance as an opportunity to make changes to their security architecture.
Ernst & Young predicts that compliance will remain in pole position for the next 12 months.