Three-quarters (75%) of scams now target critical workflows such as account creation and sign-in processes.

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

The top five vulnerability management problems they’re actively trying to solve with AI today were: false positives (49%), overload of data (39%), reliance on manual processes (33%), disparate results from scanning tools (31%), and false negatives (31%)

Just over a quarter (27.7% of CISOs) think that automation will improve the ROI on existing tools.

25.5% of CISOs assume current GRC processes are not broken.

Almost two thirds of organisations (63.7%) do not feel that meeting new regulatory requirements slow their organisational growth.

66.7% of education businesses are challenged by audit readiness and their maturing compliance program.

53.2% of CISOs take note of their organisation's regulatory requirements.

77% of businesses highlight higher risks of core business process failures.

75% of retail and consumer goods and 62.5% of entertainment and media corporations are coping with the lack of a centralized system, but retailers are also challenged by silos within their data (75%).

Nearly one-third (33.2% of organisations) have incorporated automation without GenAI tools.

41% of CISOs said that OSCAL adoption is hindered by both a lack of usage and a difficulty in understanding its importance.

Approximately four out of five (79.8% of CISOs) believe that a reduction in manual processing is the biggest opportunity to add automation to their compliance and risk management program.

Of the organisations that measure the operational cost of managing compliance, 10.1% track IT costs.

17.6% of CISOs believe that manual processes are easier than using Compliance as Code.