AuditBoard
Reports
All Statistics
45% of enterprises are updating existing frameworks.
35% of enterprises are adopting new frameworks.
40% of enterprises plan to increase cybersecurity staffing.
The median enterprise maps its controls to about seven frameworks.
The median enterprise maps its controls to about 2,700 requirements.
The GDPR is one of the top 5 frameworks adopted by organizations.
Fewer than 30% of enterprises feel prepared for upcoming AI governance requirements.
ISO 27001 is one of the top 5 frameworks adopted by organizations.
NIST Cybersecurity Framework (CSF) 2.0 is one of the top 5 frameworks adopted by organizations.
Enterprises conducting six or more risk assessments per year report stronger overall risk discipline and telemetry scores.
The Secure Controls Framework (SCF) is one of the top 5 frameworks adopted by organizations.
SOC 2 is one of the top 5 frameworks adopted by organizations.
52% of organisations in the UK and Germany report being compliant with NIS2, while another 44% plan to meet requirements by the end of next year.
Of those claiming compliance with the EU AI Act, 55% say they have implemented risk management frameworks.
51% of those claiming compliance with the EU AI Act in the UK and Germany execute comprehensive risk assessments.
91% feel that the EU AI Act will positively impact their organisation's use and development of AI applications.
92% of executives in the UK and Germany say they have real-time insights into compliance posture compared to just 69% of management professionals.
63% of those claiming compliance with the EU AI Act in the UK and Germany report having transparency measures in place.
91% of professionals in the UK and Germany feel that the EU AI Act will positively impact their organisation’s use and development of AI applications.
83% of professionals are concerned about third-party AI use in regard to compliance with the EU AI Act.
90% of professionals surveyed in the UK and Germany report that conformance with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.
61% of organisations surveyed consider compliance with NIS2 a high priority.
Only 52% of organisations report being compliant with NIS2, while another 44% plan to meet requirements by the end of next year.
Of those claiming compliance with the EU AI Act, 63% report having transparency measures in place.
90% of professionals surveyed report that conformance with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.
38% of InfoSec professionals expect to be impacted to a great extent, compared to 29% of risk management professionals and 28% of IT professionals.
91% of risk management, information technology (IT), and information security (InfoSec) leaders in the UK and Germany report feeling concerned about cybersecurity threats.
92% of executives say they have real-time insights into compliance posture compared to just 69% of management professionals.
Of those claiming compliance with the EU AI Act, just over half (51%) execute comprehensive risk assessments.
55% of those claiming compliance with the EU AI Act in the UK and Germany say they have implemented risk management frameworks.
Among those claiming compliance with the EU AI Act:
91% of respondents in the UK and Germany report feeling concerned about cybersecurity threats.
38% of InfoSec professionals in the UK and Germany expect to be impacted to a great extent by compliance efforts, compared to 29% of risk management professionals and 28% of IT professionals.
83% of professionals in the UK and Germany are concerned about third-party AI use in regard to compliance with the EU AI Act.