A majority of the compliance-related spending is on policy and process changes, followed by software purchases and encryption technologies, according to a survey of 147 IT managers at Fortune 1,000 companies by tech consultancy,TheInfoPro Inc. (TIP).

Bill Trussell, managing director of TIP's security sector, said it is a trend that cuts across industry and corresponds with growing concerns about the consequences stemming from data breaches.

One of the biggest drivers is the Payment Card Industry (PCI) data security standard, he said.

"It is rare to see such a large influencer in the information security marketplace," Trussell said.

A report released by Forrester Research earlier this year estimated most companies will spend between 7.5 percent and 9 percent of their IT budgets on security, regardless of their size, geography or industry.

According to Forrester, the uniformity in spending patterns arises from the growing maturity of information security practices and the solidification of security within IT operations.

The continuing shift from a purely strategic IT-centric security model to a more strategic business-focused one is also driving the need for more investments in processes and tools, Forrester noted.

- with Jaikumar Vijayan and Sandra Rossi