The IT security market is booming in the US. There are many good reasons why it should be, not least of which is the on-going escalation in IT security breaches. However, something interesting is happening. There have been compliance initiatives and various bits of legislation in the US which could and should have stimulated companies to invest more in this area, but there is only one so far that has made much difference to the buying impulse – the Sarbanes-Oxley Act.

This piece of legislation was passed in the wake of the corporate scandals that began with the collapse of Enron. It demanded that CEOs and CFOs took responsibility for the accuracy of, and signed off, the company’s financial results. As such the security (and thus the IT security) surrounding financial systems suddenly had the best sponsors that any IT product could want - the guys that can sign off just about any order. This happy situation (happy for IT security vendors at least) is made even happier by the fact that auditors in the US now ask questions about the IT security in these systems.

IT security was already on the radar screen of the senior execs to the point where a good few US companies had appointed CSOs (Chief Security Officers) or CISOs (Chief Information Security Officers) and thus in such companies there were specific budgets for IT security and an easily identified buyer. Sarbanes-Oxley has simply pumped up the budgets and IT security companies are prospering accordingly.

For the health sector there may also be a similar driver with the US HIPAA legislation which protects the privacy of patient records. The legislation only comes fully into force in 2005, but the penalties for abuse are draconian. Thus far (according to IT security companies) it hasn’t had much of an effect but one high profile case may change all that.