According to a recent report by Vanta, 67% of businesses are aware of the need to improve their security and compliance measures. Of that percentage, 24% describe their organization's security as reactive. The combination of factors such as increased attack surfaces in a hybrid working environment, limited resources, and budget constraints has created a sense of urgency for companies to bolster their security posture. Unfortunately, many companies, regardless of their size, face challenges in enhancing their security due to limited risk visibility and resource constraints. Only 4 in 10 organizations rate their risk visibility as strong, and 1 in 4 have downsized their IT staff. Furthermore, the challenging global economic environment has led to reduced IT budgets, with 60% of companies either having already reduced or planning to reduce their IT staff. In light of these circumstances, businesses need new methodologies to improve their security.
The situation becomes more complex due to evolving global regulations and the growing demands of compliance with various standards. Customers, investors, and suppliers are increasingly seeking evidence of strong security and compliance practices, with two-thirds of companies reporting this trend. However, 12% of companies admit to being unable to provide evidence when requested, which hampers potential revenue and growth opportunities. On average, organizations dedicate 7.5 hours per week, equivalent to over 9 working weeks per year, to achieve security compliance. Adopting artificial intelligence (AI) raises concerns for 54% of businesses, with 51% suggesting that the use of generative AI could undermine customer trust.
The main obstacles to demonstrating security externally are the lack of sufficient staffing and the absence of automation to replace manual work. Only 9% of IT budgets are allocated to security, and one-third of leaders state that their IT budgets are shrinking. Identity and access management and non-compliant data processing pose the greatest blind spots for organizations. Different global markets face varying challenges and concerns regarding security and compliance. U.S. leaders often delay entering new markets due to compliance requirements, while Australian respondents express the highest concern about the impact of generative AI on customer trust. German leaders frequently find the volume of standards and regulations to be a barrier to maintaining a robust security program. French leaders indicate the highest need for improvement in security and compliance, with 76% acknowledging this need.
Companies in Australia face the most difficulty in providing proof of compliance to customers, while UK leaders focus more on staying up to date with evolving regulations. U.S. companies believe that automating security and compliance tasks could save them at least 3 hours per week. Ultimately, improving security not only enhances efficiency but also builds trust and has a positive impact on businesses. Seventy percent of leaders attribute an improved security and compliance strategy to stronger customer trust, and 72% agree that it would increase efficiency. Consequently, 83% of businesses plan to increase their use of automation, particularly to streamline vendor risk reviews and onboarding processes and reduce manual work. Overall, respondents believe that automating security and compliance tasks could save them approximately two hours per week, equivalent to over 2.5 working weeks per year.
Trust management in businesses is undeniably crucial, as stated by the CEO of Vanta. To gain a competitive advantage, companies that challenge traditional security practices are centralizing processes, automating compliance, and speeding up security reviews. This comprehensive approach allows businesses to establish trust and drive growth by overseeing the entire security cycle, from compliance to continuous monitoring and communication.
The utilization of automation and generative artificial intelligence (AI) is a top priority for IT and business decision makers. Currently, 77% of businesses either already use or plan to use AI and machine learning (ML) to identify high-risk actions. When implemented effectively, AI has the potential to significantly expedite security workflows and enhance trust. According to respondents, AI can primarily enhance the accuracy of security questionnaire responses (44%), reduce manual work (42%), streamline vendor risk reviews and onboarding processes (37%), and decrease dependence on large teams (34%).