41% of CISOs said that OSCAL adoption is hindered by both a lack of usage and a difficulty in understanding its importance.

25.5% of CISOs assume current GRC processes are not broken.