Coalfire released its new Securealities 2023 Compliance Report, developed in partnership with Informa's Omdia research division. The report captures the changes in today's world of compliance, detailing how 300+ security leaders are addressing compliance investments, organization governance, framework updates, tooling, automation, and more. Coalfire reveals that companies are struggling more than ever to manage multiple compliance frameworks within complex, hybrid-cloud environments and are increasingly turning to automation to meet the challenge.
"The early adopters that embraced compliance automation are starting to see returns on their investments by optimizing multiple regulatory frameworks including NIST, SOC, ISO, HITRUST, PCI, FedRAMP, and CMMC," said Adam Shnider, executive vice president of compliance services at Coalfire. "Breaking away from traditional audit cycles, today's platform-driven solutions now allow companies to continuously integrate, deploy, and monetize their compliance capabilities by entering new markets and engaging new customers."
The Coalfire Compliance Report shows that technical options are increasing, as are complexities and costs.
- A staggering 84% of retail, financial services, tech, and healthcare companies are impacted by the mandatory requirements of data protection frameworks and are compelled to frequently and consistently demonstrate compliance to customers, regulators, and supply chain partners.
- Almost 70% manage at least six frameworks. 59% have multiple systems now subject to compliance requirements.
- More than half (58%) report an uptick in compliance costs since 2020; over 40% claim 25%+ budget increases since then and believe their compliance spend will continue to grow.
- Fifty-six percent of large enterprise respondents report using automation software to manage compliance. 64% of large enterprise respondents (revenue over $1 billion) have embraced tools to support evidence mapping to manage costs within multi-framework environments.
Unfortunately, many of those leveraging automation are seeing costs rise, which suggests that many are introducing software without re-engineering for coordinated assessment processes.

Though costs have increased for many companies, organizations are slowly balancing workflows and starting to see investments pay off, signifying a change in momentum. With this paradigm shift, Coalfire expects costs to come down in future reporting due to improved platform and software capabilities supporting evidence collection and maintenance.
"Global security compliance controls and regulatory acceleration in the multi-cloud era are complex and must be met with efficiency and scalability," states Cisco Global Head of Cloud Compliance Prashant Vadlamudi. "Meeting these challenges is key to a secure cloud, and for every enterprise, building your trust story is the lifeline to competitive advantage. Cisco aligns with Coalfire in our shared belief that compliance automation and cross-framework cloud engineering is the rising tide that lifts all boats."
While 77% of organizations plan to migrate to updated frameworks soon, the report shows that nearly a quarter (23%) are under-prepared for this impending series of transitions and deadlines. Especially for cloud service and SaaS providers, failure to comply with more stringent guardrails in a timely manner can result in added corporate liability and potential personal legal exposure for executives.
The report confirms that privacy, commercial trade, and defense intelligence risks have arrived at a critical tipping point. Government cloud migration and regulatory maturity are transforming business processes and the entire economy. As the cybersecurity industry's top compliance, advisory, and testing firm, Coalfire's research informs best-practice security programs within today's next-generation standards frameworks.