66.7% of education businesses are challenged by audit readiness and their maturing compliance program.

25.5% of CISOs assume current GRC processes are not broken.

More than a third (37.8% of CISOs) said their relationship between compliance and security is in a phase of simple negotiations.

13.7% of CISOs said their compliance program is a 1 (“Initial: ad-hoc”), and 23% said their program is a 2 (“Established: documented and repeatable”).

25% of businesses cited changes in legislation and regulation as a key business risk.

40% of businesses view data sovereignty as a compliance issue.

59% of CISOs said they would become a whistleblower if their organisation was ignoring compliance requirements.

Roughly two-fifths of CISOs are challenged by evidence gathering (41.5%) as a challenge in satisfying regulatory requirements.

46.2% of organisations said they don’t have a sufficient budget to invest in GRC tools.

50% of CISOs said that, on an annual basis, they spend more than $200,000 worth of capital and dedicated staff resources to achieve and maintain compliance across their organisation.

25% of UK security professionals cite a short timeline to becoming compliant as a barrier to DORA compliance.

Roughly 50% of CISOs expect automation to optimize compliance through a single pane of glass.

53.2% of CISOs take note of their organisation's regulatory requirements.

Of the 1.8 million breached administrator credentials, 40,000 admin portal accounts had the password ‘admin’.

Stolen credentials are involved in nearly half (44%) of all data breaches.

69.7% of CISOs said cost is most important when selecting tools/vendors to provide governance and continuous controls monitoring.

86% of respondents said privacy training and awareness programs had a positive impact on overall employee privacy awareness.

60% of manufacturers and 52.5% of software and IT services companies see the biggest barrier to adopting Compliance as Code is that no one is using the technology.

15% of CISOs ranked compliance status as a top performance metric, compared to 45% of boards.

Over a billion credentials were stolen in malware attacks within a 12-month period.