IT and security pros spend over 4,000 hours a year on compliance
IT and security professionals spend an average of 4,300 hours annually achieving or maintaining compliance, according to a new study.
The survey of 300 IT and security professionals in fast-growing organizations across the US, from automation platform Drata, finds that 87 percent of respondents have faced consequences as a result of not having continuous compliance. These include slowed sales cycles, security breaches, business interruption, loss of a business relationship, a damaged reputation, or fines.
Shortage of staff is a leading challenge in maintaining compliance, with the majority of survey respondents saying that increasing budgets and automating processes would improve their abilities. 74 percent admit to vulnerabilities in their risk or security programs that are not being addressed or covered due to a lack of bandwidth or resources.
"It's clear to see that most IT and infosec professionals understand the importance and value of their compliance programs," says Adam Markowitz, Drata's co-founder and CEO. "But without proper budgeting and automation, they unfortunately feel stuck in the manual management of those programs, and that's where long-term issues arise and where growth is ultimately prohibited."
There are some positives in the findings: 68 percent of respondents believe compliance opens new business opportunities or acts as a differentiator, while only 32 percent view it as burdensome or just a checkbox.
For those who already have automated continuous compliance processes, the number one benefit -- cited by 67 percent -- is the ability to easily attract new customers.
The full 2023 Compliance Trends Report is available from the Drata site.