More than a third (37.8% of CISOs) said their relationship between compliance and security is in a phase of simple negotiations.

66.7% of education businesses are challenged by audit readiness and their maturing compliance program.

230 million of the breached passwords met standard complexity requirements, including length, capitalisation, numbers and special characters.

30% of CISOs spend less than $100,000 annually on compliance.

Most organisations (57.9%) spend at least some of their budget on GRC tools to collect and maintain compliance evidence.

Almost half of the CISOs who rated their compliance programs a 1 or 2 attributed their difficulties to a lack of personnel or resources.

Of the organisations that measure the operational cost of managing compliance, 10.1% track IT costs.

21% of CISOs revealed they had been pressured not to report a compliance issue.

64% of CISOs reveal that the current threat and regulatory environment make them concerned they’re not doing enough.

58% of UK CISOs report that regulations put enhanced pressure on their wellness.

76.1% of CISOs said integrations are most important when selecting tools/vendors to provide governance and continuous controls monitoring.

40.4% of CISOs are challenged by the lack of a centralized system as a challenge in satisfying regulatory requirements.

Almost one-third (31.1% of CISOs) believe that their company’s resistance to change is primarily driven by financial matters.

26.1% of CISOs cited the rate of regulatory change as a challenge in implementing new or updated compliance frameworks.

43.6% of CISOs cited control mapping as a challenge in implementing new or updated compliance frameworks.

38.5% of CISOs said GRC tools are too expensive.

84% of organizations say a lack of transparency in applying AI applications within business processes is causing regulatory compliance issues.

17.6% of CISOs believe that manual processes are easier than using Compliance as Code.

79% of UK CISOs report that the implementation of regulations has had an impact on their mental health.

43% of the UK financial services industry will miss the Digital Operational Resilience Act (DORA) deadline.