40+ IT Compliance Statistics You Need to Know in 2024

Following a series of widely publicized security breaches in 2022, C-suites shifted their focus to governance, risk, and compliance. Reports and surveys show that security and compliance professionals are under increasing pressure as a result of this focus. The goal is clear: either improve their risk response or risk becoming the next security breach breaking news story.

New Regulations On the Horizon

By 2023, nearly 30 US states had either enacted some form of privacy protection law or had drafts under consideration for passage. Five of these states have already implemented comprehensive policies. Several of these policies have recently been amended, with further amendments on the horizon, aimed at keeping protection both comprehensive and current.

Beyond the US regulatory landscape, the EU Data Governance Act (DGA) came into effect in late 2023. The act is expected to streamline data access and sharing processes within the public sector. However, it adds complexity for organizations that already struggle to comply with data transfer regulations.

Keeping these regulations in mind is of paramount importance for companies. Failing to achieve regulatory compliance puts brand reputation at risk and can draw hefty penalties amounting to millions of dollars.

In this blog post, we present some key IT compliance statistics for 2023 to enhance your awareness of potential upcoming risks and help you develop an effective IT compliance strategy.

40+ IT Compliance Statistics You Need to Know in 2023

  • Hyperproof's 2023 IT Compliance and Risk Benchmark report has revealed that 51% of respondents face difficulties in identifying critical risks that require immediate remediation. Although the respondents were confident in their abilities to address risks, they acknowledged that they are still struggling to identify and prioritize the most critical ones.
  • 57% of organizations plan to dedicate more time to risk compliance management in 2023, compared to only 35% in 2022.
  • 63% of survey participants intend to increase their spending on IT compliance and risk management, a significant rise from the 45% reported in 2022.
  • The use of spreadsheets to manage IT compliance has significantly decreased from 43% in 2022 to only 10% in 2023. In contrast, the use of GRC software for various tasks such as risk tracking, risk management, IT compliance management, and third-party risk management has increased over the years.
  • Although only 10% of the respondents mentioned that they still use spreadsheets to manage their IT compliance efforts, the survey also highlighted that only 10% of the respondents have a consolidated view of risks and have synchronized their risk and compliance activities.
  • In the next two years, 70% of respondents plan to grow their compliance team.
  • In Drata's 2023 Compliance Trends report, 99% of companies plan to achieve some level of continuous compliance over the next five years.
  • 40% of teams use automation to continually review compliance controls, while 55% conduct manual reviews. The remaining 5% only perform reviews when required or before an audit.
  • Due to limited budgets and resources, 74% of organizations are unable to properly address vulnerabilities.
  • NorthRow's study found that 73% of leaders believe meeting compliance standards improves the perception of their company.

  • 40% of teams faced a security breach caused by blind spots resulting from manual compliance practices.
  • Meta owes the largest EDPB fine for non-compliant practices at 1.2 billion euros.
  • According to a whitepaper published by Globalscale, businesses with fewer than 5,000 employees incur higher compliance costs per capita.
  • The majority of compliance costs come from indirect sources, such as administrative fees. A third of the costs are direct, such as payments to auditors.
  • Around 40% of compliance teams plan to invest in new technology to achieve proactive, shared compliance.
  • Over three-quarters of audit teams lack modern technology solutions, according to the Institute of Internal Auditors (IIA).
  • RegTech solutions have an impact on how businesses approach compliance management, according to 34% of businesses. The term 'RegTech' refers to the use of new technologies to address the ever-increasing data environment required for regulatory compliance.
  • In third-party risk management, 58% of compliance teams report gauging vendor responsiveness as their biggest challenge.
  • There have been 24,780 international compliance standards implemented by the ISO, with 1,412 added in 2022.
  • GDPR compliance is viewed as the hardest aspect of compliance by 90% of compliance workers.
  • DLA Piper's findings show that since the application of GDPR on May 25, 2018 up to Jan. 10, 2023, the total aggregate fines reported amount to 2.92 billion euros (or $3.1 billion).
  • As per Gartner, more than 8 in 10 organizations discover third-party risks after the due diligence period.
  • According to MetricStream's State of Compliance Survey Report, 62% of businesses expect more compliance involvement in cyber security in the future.
  • The average compliance onboarding success rate is 80%.
  • Gartner predicts that by 2023, 65% of the world's population will have their private data covered by modern privacy regulations.
  • In Refinitiv's Global Risk and Compliance Report, 86% of respondents agreed that innovative digital technologies have helped identify financial crimes.
  • 44% of firms say they are being asked to provide proof of cybersecurity as part of a request for proposal (RFP).
  • Some or all compliance functions are outsourced by 34% of organizations.
  • Security professionals say upgrading their tools is the best way to improve their company's security posture (67%).
  • Bloomberg reports that 50% of organizations spend 6-10% of their revenue on compliance.
  • Only 43% of respondents felt that recent regulatory changes had been beneficial for the industry, even though regulatory change is supposed to prevent poor behavior and improve customer outcomes.
  • Organizations spend 73% of their time managing third-party permissions and remote access.
  • Tracking third-party compliance is challenging for 48% of organizations.
  • In a study conducted by White&Case and KPMG, companies reported more compliance escalations (25%) than decreases (15%).
  • According to 78% of respondents, data analytics helps mitigate compliance risks.
  • 51% of respondents have trouble prioritizing remediations based on critical risks.
  • Risk compliance management is expected to take more time in 2023, according to 57% of surveyed organizations.

Key Takeaways

Following significant security breaches in 2022, the focus in 2023 has sharply turned towards robust IT compliance and risk management. With the introduction of privacy laws in various US states and the EU's Data Governance Act, organizations are pivoting away from traditional spreadsheet-based compliance towards specialized software tools. This shift, driven by the financial and reputational risks of non-compliance, highlights the pressing need for digital transformation in risk management strategies.