The cost of gaining PCI compliance is significant, averaging $3.5M per year according to a study by the Ponemon Institute. Companies are also saying “the average cost for organizations that experience non-compliance-related problems is far higher — $9.4M.” This suggests that compliance initiatives are a good investment, but is this about improving security, or about meeting compliance requirements to avoid fines and expensive legal disputes?
According to this report from Network World, almost 50% of the IT security professional’s time is taken up with meeting regulatory compliance initiatives.
What is clear is that regulatory compliance is a key driver in the IT security business.