Less than a third of companies consistently meet compliance standards

New research shows that only 29 percent of all organizations say their compliance programs consistently meet internal and external standards.

The report from Swimlane reveals that fragmented workflows, manual evidence gathering and poor collaboration between security and governance, risk and compliance (GRC) teams are leaving organizations vulnerable to audit failures, regulatory penalties and security gaps.

"The burden of compliance weighs heavy on security and GRC teams, and the pain is growing faster than teams can adapt," says Michael Lyborg, CISO at Swimlane. "Regulations are shifting, expectations are rising, and yet most organizations still rely on processes that were never designed for this level of complexity. Until now, everything has been massive spreadsheets. Without better coordination and smarter workflows, even well-intentioned programs will fall short."

Staying up to date with compliance rules is a growing issue, and 96 percent of organizations say it's challenging to keep up with the growing number of industry regulations. Collecting data is an issue too: 92 percent of respondents rely on three or more tools to gather audit evidence, often resulting in duplicated effort and disjointed workflows. On average, just 39 percent of the audit evidence process is automated.

Over half of organizations (54 percent) spend more than five hours each week on manual compliance tasks. It is not surprising, then, that 62 percent say their audit evidence-gathering process is at least occasionally error-prone.

In addition, 90 percent of organizations are concerned that poor collaboration between GRC and security teams is undermining audit preparation. Differing priorities, unclear roles and communication breakdowns are major barriers to alignment.

"Audit readiness is harder than it should be," says Jack Rumsey, head of GRC at Swimlane. "Teams are wasting time chasing evidence, interpreting requirements in isolation and stitching together data across disconnected systems. This report highlights just how unsustainable that model has become -- and why it's time to rethink how to manage compliance from the ground up."

The full report is available on the Swimlane site and there will be a webinar to discuss the findings on May 15th at 12 PM ET.
