The recently published "State of Trust Report 2023", performed by Vanta, a company that provides a security and compliance platform for software businesses, sheds light on the pressing need for organizations worldwide to enhance their security and compliance measures. Surveying 2,500 IT and business decision-makers across Australia, France, Germany, the UK, and the U.S., the report underscores the critical challenges faced by companies in maintaining a robust security posture.
Security Improvement Imperative: Over two-thirds of respondents express the need for their organizations to improve security and compliance measures. Regional variations highlight varying levels of concern, with France at the forefront (76%) and Germany expressing a relatively lower level of concern (55%).
Resource Constraints: Despite the consensus on the need for improved security, the report reveals that only 9% of IT budgets are dedicated to security. Shrinking budgets and staffing resources pose significant challenges, with 60% of organizations having downsized IT budgets or planning to do so.
Compliance Challenges: Respondents spend an average of 7.5 hours per week on security compliance, with more than half struggling to remain compliant with different national regulations. Limited risk visibility and significant blind spots, such as identity and access management and non-compliant data processing, contribute to the complexity.
Transparency and Customer Trust: Demonstrating security to customers and third parties is increasingly crucial, with 66% agreeing that stakeholders seek proof of security and compliance. However, companies face difficulties in maintaining and demonstrating their security posture, with 12% admitting they can't provide evidence when asked.
Automation as a Solution: Despite resource constraints, there is a growing acknowledgment that automation could alleviate the burden of security and compliance tasks. Sixty-three percent of respondents believe that time and money could be saved by automating compliance with different regulations and frameworks.
Challenges and Opportunities:
Resource Stalls: Shrinking budgets and staffing resources present significant barriers to organizations in proving and demonstrating security externally. One in four businesses surveyed has reduced IT staff, and 33% report decreasing overall IT budgets.
Deprioritization of Compliance: As compliance efforts demand time and financial investment, 43% of businesses admit to deprioritizing compliance. Larger organizations, with over 250 employees, face more significant challenges in prioritizing compliance due to the required financial investment.
Business Case for Better Security: Despite challenges, the report emphasizes that a better security and compliance strategy positively impacts businesses. Improved reputation, trusted status with customers, and increased efficiency are among the perceived benefits.
Automation and Future Outlook:
Saving Time and Money: The report highlights the potential for automation to save time and money, with 63% of respondents expressing this belief. Businesses are increasingly recognizing the value of automation, particularly for reducing manual work and streamlining vendor risk reviews and onboarding.
Global Considerations: Sixty percent agree that their business is more likely to consider automating security compliance when scaling to different markets. French respondents, in particular, express a higher likelihood (67%) of considering automation when expanding globally.
The "State of Trust Report 2023" findings underscore the complex landscape organizations navigate concerning security and compliance. As businesses grapple with resource constraints, the potential of automation emerges as a key solution to streamline processes and improve overall security efficiency.
In our blog, we post technology-related articles weekly. Follow us on Facebook and Instagram to get notifications about updates.