Only 20% of financial services professionals believe AI has had a "very positive" effect on their financial crime compliance framework – down from 37% in 2023.

76% of organisations cannot produce a complete data asset inventory within hours when needed for compliance or security incidents.

96% of UK senior security professionals say DORA will significantly enhance overall resilience across the EU and the EU business ecosystem.

23% of UK security professionals cite a lack of visibility over supply chain/third-party partners as a barrier to DORA compliance.

More than one-third of organisations (34.2%) hope to achieve their KPIs for compliance benchmarks by incentivizing success or by penalizing failure, or by implementing both incentives and penalties.

69.7% of CISOs said cost is most important when selecting tools/vendors to provide governance and continuous controls monitoring.

Over a billion credentials were stolen in malware attacks within a 12-month period.

Stolen credentials are involved in nearly half (44%) of all data breaches.

Of the 1.8 million breached administrator credentials, 40,000 admin portal accounts had the password ‘admin’.

53.2% of CISOs take note of their organisation's regulatory requirements.

Roughly 50% of CISOs expect automation to optimize compliance through a single pane of glass.

50% of CISOs said that, on an annual basis, they spend more than $200,000 worth of capital and dedicated staff resources to achieve and maintain compliance across their organisation.

46.2% of organisations said they don’t have a sufficient budget to invest in GRC tools.

Roughly two-fifths of CISOs are challenged by evidence gathering (41.5%) as a challenge in satisfying regulatory requirements.

59% of CISOs said they would become a whistleblower if their organisation was ignoring compliance requirements.

40% of businesses view data sovereignty as a compliance issue.

25% of businesses cited changes in legislation and regulation as a key business risk.

13.7% of CISOs said their compliance program is a 1 (“Initial: ad-hoc”), and 23% said their program is a 2 (“Established: documented and repeatable”).

More than a third (37.8% of CISOs) said their relationship between compliance and security is in a phase of simple negotiations.

25.5% of CISOs assume current GRC processes are not broken.