Of the organisations that measure the operational cost of managing compliance, 10.1% track IT costs.

53.2% of CISOs take note of their organisation's regulatory requirements.

66.7% of education businesses are challenged by audit readiness and their maturing compliance program.

41% of CISOs said that OSCAL adoption is hindered by both a lack of usage and a difficulty in understanding its importance.

25.5% of CISOs assume current GRC processes are not broken.

17.6% of CISOs believe that manual processes are easier than using Compliance as Code.

Almost two thirds of organisations (63.7%) do not feel that meeting new regulatory requirements slow their organisational growth.

75% of retail and consumer goods and 62.5% of entertainment and media corporations are coping with the lack of a centralized system, but retailers are also challenged by silos within their data (75%).

Nearly one-third (33.2% of organisations) have incorporated automation without GenAI tools.

Approximately four out of five (79.8% of CISOs) believe that a reduction in manual processing is the biggest opportunity to add automation to their compliance and risk management program.