Cybersecurity statistics about compliance
62% of organizations in the finance sector experienced email incidents, yet only 42% feel very confident in their compliance posture.
58% of organizations in the healthcare sector experienced email incidents, yet only 36% feel very confident in their compliance posture.
60% of organizations in the legal sector experienced email incidents, yet only 41% feel very confident in their compliance posture.
59% of organizations in the technology sector experienced email incidents, yet only 39% feel very confident in their compliance posture.
14% of organisations failed multiple compliance audits due to identity-related issues.
34% of organisations have failed a compliance audit due to identity-related issues.
46.3% of teams at financial organizations have partially automated compliance reporting.
8.5% of teams at financial organizations still rely mostly on manual efforts for compliance reporting.
45.2% of teams at financial organizations have extensively automated compliance reporting.
51% of middle market organisations stated they outsourced cybersecurity risk and compliance management. Other leading functions outsourced include cyber incident response and forensics (46%), the security operations center (46%), security awareness training (44%), and vulnerability management (44%).
Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.
62% say their audit evidence-gathering process is at least occasionally error-prone.
90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.
Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management.
96% of organisations say it’s challenging to keep up with the growing number of industry regulations.
Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.
On average, just 39% of the audit evidence process is automated.
92% of respondents rely on three or more tools to gather audit evidence.
Roughly 22.6% of CISOs rate their compliance program a 4 (“Adherence: measured with metrics to support audit and risk mitigation”), but only 5.3% believe their program is a 5 (“Optimized: continuous improvement and efficiency”).
26.1% of CISOs cited the rate of regulatory change as a challenge in implementing new or updated compliance frameworks.