Many regulation sets have very specific requirements around how data is stored and secured, making them very much a consideration for IT. In the US, the Sarbanes-Oxley Act (SOX) and Payment Card Industry Data Security Standards (PCI DSS) are a case in point. A recent IS Decisions survey of 500 IT decision makers in the UK and US sheds some light on the fact that a majority of IT professionals are in the dark about whether there even are regulatory requirements for their organization.”]
Source: https://www.darkreading.com/compliance/why-are-security-pros-blas-about-compliance-