Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

Roughly 22.6% of CISOs rate their compliance program a 4 (“Adherence: measured with metrics to support audit and risk mitigation”), but only 5.3% believe their program is a 5 (“Optimized: continuous improvement and efficiency”).

35% of CISOs said that, on a scale of 1 to 5, they would rate their compliance program a 3 (“Defined: early-enterprise, standardized and structured”).

Almost half of the CISOs who rated their compliance programs a 1 or 2 attributed their difficulties to a lack of personnel or resources.