We've curated 9 cybersecurity statistics about Framework to help you understand how security practices and standards are evolving to better protect organizations against emerging threats in 2025.
Showing 1-20 of 21 results
52% of organizations lack a formal AI governance framework.
35% of enterprises are adopting new frameworks.
45% of enterprises are updating existing frameworks.
The median enterprise maps its controls to about seven frameworks.
The median enterprise maps its controls to about 2,700 requirements.
The GDPR is one of the top 5 frameworks adopted by organizations.
ISO 27001 is one of the top 5 frameworks adopted by organizations.
NIST Cybersecurity Framework (CSF) 2.0 is one of the top 5 frameworks adopted by organizations.
The Secure Controls Framework (SCF) is one of the top 5 frameworks adopted by organizations.
SOC 2 is one of the top 5 frameworks adopted by organizations.
56% of companies surveyed say that they are using a formal risk management framework.
One third of companies surveyed say that risks are assessed informally.
Over half (54%) of organisations have developed internal cybersecurity frameworks independent of government guidance.
78% of organisations employ governance frameworks for cloud security.
Most popular governance frameworks for cloud security used: NIST Cybersecurity Framework (40%), ISO/IEC 27001 (31%), SOC 2 Compliance (28%).
26.1% of CISOs cited the rate of regulatory change as a challenge in implementing new or updated compliance frameworks.
Roughly half of CISOs (47.9%) cited evidence gathering as one of their greatest challenges in implementing new or updated compliance frameworks.
43.6% of CISOs cited control mapping as a challenge in implementing new or updated compliance frameworks.
38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks.
33.5% of CISOs cited audit management as a challenge in implementing new or updated compliance frameworks.