Forrester Research found that corporate intellectual property comprises 62 percent of a given company s data assets, most of the focus of their security programs is on compliance with various regulations. Proprietary knowledge and company secrets, by contrast, are twice as valuable as the custodial data. The study surveyed 300 senior IT personnel. It found that about 41 percent of security budgets are directed toward non-compliance activities, and about 39 percent go directly to compliance initiatives. Despite the number and severity of these kinds of incidents that a company has endured, the IT staff is still likely to think that its security controls are working well, the study found.
Source: https://threatpost.com/security-programs-focusing-too-much-compliance-study-finds-040510/73785/