Stay on top of the latest tech news with our free IT News Digest newsletter, delivered each weekday.
Automatically sign up today!


Dawn Kawamoto

Staff Writer, CNET

A section of the Sarbanes-Oxley Act took effect Monday, part of new accounting regulations that promise to be a multimillion-dollar bonanza for tech security companies.

Under Section 404 of the law, publicly traded companies must have policies and controls in place to secure, document and process material information dealing with their financial results. Vendors helping companies with compliance are expect to reap $5.8 billion next year, with 28 percent going to technology companies, according to an AMR Research survey released Friday.

“Technology will play an increasingly significant role in the integration of SOX (Sarbanes-Oxley) compliance initiatives into the business process,” John Hagerty, vice president of research at AMR, said in a statement.

This year, companies and organizations are expected to spend $1.13 billion on technology to comply with Sarbanes-Oxley. That is expected to increase to $1.62 billion next year, according to the study.

Providers of technology for internal and external security are expected to capture a good slice of this business. Other sectors set to benefit include document and record management; business process management to integrate disparate business systems; applications compliance management software; and application suites to standardize the business processes for financial transparency.

Technology vendors have changed their marketing pitch as the regulations have taken hold, industry analysts have noted. Congress passed the Sarbanes-Oxley Act in 2002, aiming to counter financial scandals such as those at Enron or WorldCom, by imposing more transparency in accounting procedures.

“A year ago, the vendors had ineffective messaging. They said their products were compliant and put a patina of compliance on everything they wrote to market them,” said Paul Proctor, vice president of security and risk strategies at Meta Group. “Now vendors say their products address compliance.”