35% of companies are building dedicated cyber resources.

While 65% of CISOs now say their organizations have taken steps to protect them from personal liability, one-third still feel they lack the resources to meet their cybersecurity goals.

Most organisations (57.9%) spend at least some of their budget on GRC tools to collect and maintain compliance evidence.

50% of CISOs said that, on an annual basis, they spend more than $200,000 worth of capital and dedicated staff resources to achieve and maintain compliance across their organisation.

30% of CISOs spend less than $100,000 annually on compliance.

46.2% of organisations said they don’t have a sufficient budget to invest in GRC tools.

69.7% of CISOs said cost is most important when selecting tools/vendors to provide governance and continuous controls monitoring.

46% of respondents felt their technical privacy team was understaffed.

Almost half of the CISOs who rated their compliance programs a 1 or 2 attributed their difficulties to a lack of personnel or resources.

20% of CISOs spend between $100,000 and $200,000 annually on compliance.

53.7% of CISOs pointed to skilled staff as a major challenge in implementing new or updated compliance frameworks.

38.5% of CISOs said GRC tools are too expensive.

54.2% of respondents to the CISO Society survey feel that they have the talent to meet future regulatory requirements.

43% of respondents believed their privacy budget was underfunded.

36% of respondents felt their privacy budget was appropriately funded.

Nearly 22% of CISOs said they haven’t looked at GRC tools yet.

Just 16.3% of CISOs said they experienced cost savings when using technology to enhance their compliance program.

A staggering 80% of CISOs admit to unnecessary duplication in their compliance efforts.