37% of financial services organizations are dealing with higher costs passed on by ICT vendors as a consequence of DORA.

The average cost of recovery from a ransomware attack dropped from $2.73 million in 2024 to $1.53 million in 2025.

30% of CISOs spend less than $100,000 annually on compliance.

50% of CISOs said that, on an annual basis, they spend more than $200,000 worth of capital and dedicated staff resources to achieve and maintain compliance across their organisation.

$500,000 is the average financial impact of a data breach within the utilities sector.

20% of CISOs spend between $100,000 and $200,000 annually on compliance.

38.3% of CISOs cited cost as a challenge in implementing new or updated compliance frameworks.

38.5% of CISOs said GRC tools are too expensive.

54.2% of respondents to the CISO Society survey feel that they have the talent to meet future regulatory requirements.