11% of the security staff budget for Fortune 500 organizations with 50+ security FTEs is allocated to GRC.

66% of security services providers primarily use a GRC or compliance automation platform.

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.

96% of organisations say it’s challenging to keep up with the growing number of industry regulations.

Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

On average, just 39% of the audit evidence process is automated.

92% of respondents rely on three or more tools to gather audit evidence.