56% of IT, security, risk, and compliance professionals use a common controls framework (CCF) to streamline GRC processes.

86% of IT, security, risk, and compliance professionals have a centralized team to manage GRC.

14% of IT, security, risk, and compliance professionals manage GRC via individual teams or business units.

11% of the security staff budget for Fortune 500 organizations with 50+ security FTEs is allocated to GRC.

66% of security services providers primarily use a GRC or compliance automation platform.

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management

Over half of organisations (54%) spend more than five hours each week on manual compliance tasks.

90% of organisations are concerned that poor collaboration between GRC and security teams is undermining audit preparation.

96% of organisations say it’s challenging to keep up with the growing number of industry regulations.

Only 29% of all organisations say their compliance programmes consistently meet internal and external standards.

On average, just 39% of the audit evidence process is automated.

92% of respondents rely on three or more tools to gather audit evidence.