41% of healthcare IT and compliance leaders feel confident they could detect improper AI use before a HIPAA violation occurs.

7% of respondents identified that it’s difficult to know if their company's API program is compliant with new policies/regulations.

52% of organizations in France are especially concerned about complex compliance requirements of sustainable AI practices compared to other countries.

23% of organizations adopting AI identify regulatory compliance as an area where they are least prepared to address threats.

98% of security leaders reported using AI to manage security compliance in some capacity.

Supporting compliance with security policies is a top security convergence goal for 33% of organizations in France.

6.0% of organizations expect Governance and compliance in AI security to require the most new investment over the next 12 months.

25% of respondents are concerned about regulatory compliance related to AI usage.

12 S&P 500 companies warn that new AI-specific rules will bring heightened compliance obligations and potential enforcement actions related to compliance and enforcement.

13 S&P 500 companies warn of sensitive exposure under the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and California privacy laws (CCPA/CPRA) related to privacy.

6 S&P 500 companies highlight uncertainty over how courts will treat IP claims tied to AI training data or who bears liability when autonomous AI systems cause harm due to cross-cutting legal risks.

24 S&P 500 companies highlight risks spanning copyright disputes, trade-secret theft, and contested use of third-party data for AI model training related to intellectual property.

51% of data and IT leaders would shift their AI/ML deployment strategy for better data sovereignty/compliance

The approximate annual budget contractors are investing in compliance, as budgets have grown, is nearly $50,000.

70% of financial services firms report that delays in scheduling pentests sometimes impact compliance or business timelines.

More than 80% of small healthcare practices expressed confidence in their current HIPAA compliance posture.

64% of small healthcare practices believe patient portals are required for HIPAA compliance.

20% of healthcare practices do not utilise any form of email archiving or audit trail.

98% of small healthcare organisations falsely believe they are HIPAA compliant.

"Small" violations can cost healthcare practices anywhere from $25,000 to $9.76 million per incident.