11% of the security staff budget for Fortune 500 organizations with 50+ security FTEs is allocated to GRC.

66% of security services providers primarily use a GRC or compliance automation platform.

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management

96% of organisations say it’s challenging to keep up with the growing number of industry regulations.

Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

On average, just 39% of the audit evidence process is automated.

92% of respondents rely on three or more tools to gather audit evidence.

Most organisations (57.9%) spend at least some of their budget on GRC tools to collect and maintain compliance evidence.

46.2% of organisations said they don’t have a sufficient budget to invest in GRC tools.

38.5% of CISOs said GRC tools are too expensive.

Nearly 22% of CISOs said they haven’t looked at GRC tools yet.