Additional findings highlight the opportunity to consolidate audits and improve security posture, showing 85% of respondents conducting two or more audits annually across multiple auditors.
May 18, 2022 – Tampa, Fla. – Cybersecurity compliance and audit firm A-LIGN officially released its 2022 Compliance Benchmark Report today, highlighting concern over the increased threat of ransomware attacks and the need for organizations to adopt a more streamlined approach to their compliance requirements. The 2022 Compliance Benchmark Survey was conducted from November 2021 through January 4, 2022; all 732 survey respondents were IT, security and compliance professionals.
“This year’s Benchmark Report brings the organizational compliance mandate into sharp focus,” notes Patrick Sullivan, author of the report and Vice President of Customer Success at A-LIGN. “C-suite executives are placing more and more importance on the value of compliance programs to drive a growth mindset in their organizations as well as a culture of security best practices. By streamlining compliance, companies have more cycles to focus on core security issues along with a tighter handle on the critical security controls necessary to prevent ransomware and implement zero trust.”
Central to the report’s key findings is the continued increase in the centralization and automation of compliance programs. The use of some form of software during audits and assessments is up to 72% from 25% in 2021. Yet, 85% of respondents are still routinely conducting two or more audits annually with a staggering majority using multiple auditors. As companies look to continue streamlining their compliance programs, consolidation is a major theme.
Also telling were the reasons driving compliance activities. The largest number of respondents stated that they needed to show compliance due to customer requests to gain new business. Close behind, the second most common driving factor was C-level and board security compliance mandates.
2022 A-LIGN Benchmark Report Key Findings Include:
- Organizations Bolster Cybersecurity Defenses Against Ransomware and Cyberattacks: 40% of respondents are planning to develop a ransomware preparedness plan.
- Zero Trust Grabs the Spotlight as an Essential Cybersecurity Strategy: Over half of respondents (58%) agree/strongly agree that zero trust is a strategy they must implement in the next 12 months.
- Companies are Wasting Time and Money by Not Consolidating Audits: Only 15% of organizations practice audit consolidation. 85% conduct two or more audits annually. 65% use two or more auditors.
- Proactive Compliance Management Creates Value and Earns New Business: 22% of respondents said they lost a new business deal due to a missing compliance certification.
- Explosive Adoption of Audit Software Used to Assist Compliance Efforts: 72% of organizations are using some form of software during their audits and assessments, up from 25% last year.
Since organizations are implementing more (and more complicated) compliance programs and are worried about ransomware, proper planning is the theme of this year’s best practice takeaways.
- Develop a Ransomware Preparedness Plan: Ransomware isn’t going away anytime soon, and attacks will likely become much more prevalent throughout the course of this year. The best way to brace for — and mitigate — the impact of a ransomware attack is to have a comprehensive plan in place.
- Create a Master Audit Plan: Organizations’ greatest compliance challenges are all found to be related to a lack of strategic alignment in their compliance programs. A Master Audit Plan (MAP) provides a simple yet powerful way for companies to design an audit strategy that provides greater visibility into the efforts required from each team or department, what is needed for each audit, and which pieces of evidence can be repurposed.
- Move from Tactical to Strategic Compliance: For compliance to realize its full potential, companies must embrace a mindset in which the compliance function is part of the organization’s strategic and leadership big picture.
The report is split into seven industry segments, covering a comprehensive range of industry topics from compliance budget projections to planning for ransomware, each with tailored compliance insights from a variety of perspectives. For more details and a comprehensive analysis of the research, download the 2022 Compliance Benchmark Report here: https://www.a-lign.com/resources/2022-compliance-benchmark-report?lp=1
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701 and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience.