One-third of small healthcare practices report not having enough time for compliance tasks.

66% of security services providers primarily use a GRC or compliance automation platform.

87% of security providers now offer compliance services.

44% of managed compliance providers state that at least a quarter of their compliance revenue is recurring.

28% of consulting-first security services firms report at least a quarter of their compliance revenue is recurring.

Cybersecurity Controls have been identified as one of the top three "hot" compliance topics for 2025, with 38% of investment adviser firms listing it as a leading priority.

46% of respondents at investment adviser firms reported increased compliance testing around AI—up from 32% last year, but 44% of firms that have adopted AI tools have no formal testing or validation of the outputs from their AI tools.

Cybersecurity ranks as the #2 top area for increased testing, with 55% of CCOs at investment adviser firms reporting heightened focus in this domain.

57% of investent adviser firms list AI usage as a hot compliance topic.

22% of financial services organizations believe the volume of digital regulation is becoming a barrier to innovation or competition.

94% of organizations are clear on the steps they need to take for DORA compliance.

20% of financial services organizations have yet to secure the necessary budget to meet DORA requirements.

40% of organizations call DORA a current "top digital resilience priority".

24% of financial services organizations have not established recovery and continuity testing (a DORA requirement).

23% of financial services organizations have not conducted digital operational resilience testing (a DORA requirement).

24% of financial services organizations have not identified a DORA implementation lead (a DORA requirement).

41% of senior IT decision makers at financial services report increased stress and pressure on IT and security teams due to DORA.

94% of organizations surveyed now rank DORA higher in their organizational priorities than they did in the month before the deadline.

39% of senior IT decision makers at financial services reported DORA remains a central focus.

Only 20% of financial services organizations have yet to implement third-party risk oversight (a DORA requirement).