Complaince Drives I.T. Spending

A recent Information Week article reports that compliance drives I.T. spending, not the threat of malware. What causes this?
Perhaps its that criminal and civil penalties grab the attention of the head of the company more than pleas from the I.T. department.
Perhaps that in order to be compliant, expensive audits are often required that set the I.T. budget on its ear.
Perhaps the new regulations require a more holistic view of the business and security that is more meaningful. Where as the threat of security intrusions (and actual security intrusions) are treated on more of a case by case basis. The solution for malware is seen as technology. Thus its an I.T. department problem. Compliance on the other hand is a full company need leading to more money.