We asked IT executives in our current benchmark, Security and Information Protection, which were the regulations, laws, or industry practice standards with which it cost them most to comply. Perhaps unsurprisingly, the preliminary data show that the Sarbanes-Oxley Act is leading the pack: 87% of participants who answered this question cited it as one of their top 5 (and often as number 1). Next most frequently cited was HIPAA, named by 62%, followed closely by California SB 1386, at 50%.