Around two-thirds of organisations say their compliance programs do not consistently meet internal and external standards.
The majority of organisations say it is challenging to keep up with the growing number of industry regulations, and most rely on three or more tools to gather audit evidence.
According to research by Swimlane, only 29 percent of all organisations say their compliance programs consistently meet internal and external standards.
“The burden of compliance weighs heavy on security and GRC teams, and the pain is growing faster than teams can adapt,” said Michael Lyborg, CISO at Swimlane.
“Regulations are shifting, expectations are rising, and yet most organisations still rely on processes that were never designed for this level of complexity. Until now, everything has been massive spreadsheets. Without better coordination and smarter workflows, even well-intentioned programs will fall short.”
The survey also found that 54 percent of organisations spend more than five hours each week on manual compliance tasks.
Financial penalties (39 percent), security breaches (36 percent), and reputational damage (36 percent) were cited as the top risks of poor compliance management.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.