"In some cases, because companies have to look externally for security recommendations, they may use regulations to start building their own security frameworks."

Ben Rothke, a senior security consultant at ThruPoint, said the problem with compliance is that people tend to take a myopic view of what needs to be done whenever new regulations come out.

"The point needs to be made that those organizations with a solid security framework in place could easily handle any regulations thrown at them," he added.

James Turner, Frost & Sullivan security analyst, said compliance is about transparency.

"Obfuscating funds by using the compliance hot button is going to get stomped on ... of course this doesn't mean shonky people won't try it, and ironically these are the very people that regulations are beefed up to address," Turner said.