Only a fifth (20.5% of CISOs) said they have very little duplication in their compliance efforts.

Roughly half of CISOs (47.9%) cited evidence gathering as one of their greatest challenges in implementing new or updated compliance frameworks.

53.7% of CISOs pointed to skilled staff as a major challenge in implementing new or updated compliance frameworks.

38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks.

33.5% of CISOs cited audit management as a challenge in implementing new or updated compliance frameworks.

Many CISOs (51.6%) were impacted by their maturing compliance program as a challenge in satisfying regulatory requirements.

Nearly as many (46.3% of CISOs) think the technology will allow them to more rapidly apply governance.

Just over a quarter (27.7% of CISOs) think that automation will improve the ROI on existing tools.

Almost two thirds of organisations (63.7%) do not feel that meeting new regulatory requirements slow their organisational growth.

38% of respondents believed their legal/compliance privacy team was understaffed.

34.6% of CISOs are challenged by regulatory change management in satisfying regulatory requirements.

Roughly 22.6% of CISOs rate their compliance program a 4 (“Adherence: measured with metrics to support audit and risk mitigation”), but only 5.3% believe their program is a 5 (“Optimized: continuous improvement and efficiency”).

More than one-third (37.2% of CISOs) said that no platform has demonstrated its reliability for Compliance as Code.

Just 17.9% of CISOs are using GenAI tools within their compliance program.

41% of CISOs said that OSCAL adoption is hindered by both a lack of usage and a difficulty in understanding its importance.

More than four-fifths (82.1% of organisations) are not currently using GenAI tools or functions within their compliance program.

82% of respondents use a framework or law/regulation to manage privacy in their organisation.

Two-thirds (66.3% of all CISOs) surveyed said that their organisation does not measure the operational cost of managing compliance.

Of the organisations that measure the operational cost of managing compliance, more than three quarters (75.4%) track all costs.

Of the organisations that measure the operational cost of managing compliance, 14.5% track compliance expenses.