Organizations don’t trust agentic AI when it comes to compliance
A new report from compliance management company Strike Graph finds a worrying disconnect between the growing complexity of regulatory frameworks and organizations' confidence in their ability to manage them.
According to the report, potential errors (63 percent) and data security issues (50.5 percent) are the greatest concerns for respondents adopting AI in compliance processes. That may explain why only 10.6 percent have adopted advanced, agentic AI systems that are poised to revolutionize the governance, risk, and compliance (GRC) market.
Based on a survey of compliance executives, security leaders, and business decision-makers across industries, the report highlights both optimism and hesitation as AI adoption accelerates within compliance functions. While 21.3 percent of respondents report that their business does not currently use AI or automation in any part of their compliance processes, 72.5 percent plan to incorporate new AI features into their compliance processes in the next 12+ months.
The regulatory burden is increasing too, 42.6 percent of respondents simultaneously manage four or more compliance frameworks, with SOC 2 (45.8 percent), GDPR (45.4 percent), HIPAA (42.1 percent), and ISO 27001 (33.8 percent) being the most common. In addition, 54 percent expect the number of frameworks they manage to increase further.
Half of respondents (50.3 percent) report that compliance frameworks are becoming increasingly complex, with 55.6 percent citing this increasing complexity as one of their biggest concerns.
The survey reveals a substantial market opportunity for AI-powered GRC platforms. While 58.9 percent of respondents don't currently use a GRC platform, 39.5 percent are considering adoption -- and 79 percent say AI automation will be a deciding factor when selecting a GRC platform.
"Our survey data signals that regulatory complexity is growing faster than compliance teams’ confidence in their current systems ability to keep pace,” says Justin Beals, co-founder and CEO of Strike Graph. “Organizations are betting on AI out of necessity, not convenience, and weighing the potential time and cost savings over concerns of data accuracy and security. The sizable gap between organizations eager to adopt these solutions and those that have already implemented them reveals a lack of confidence in current GRC platforms. There’s a real need for purpose-built, secure AI-native compliance platforms that drive results while also reducing risk across the organization."
The full report is available from the Strike Graph site.
Image credit: Siphotography/depositphotos.com