85 Compliance Statistics You Need To Know in 2023

Richard Stevenson

July 14, 2023
Contents

  • Compliance Trends for 2023
  • Global Compliance Statistics
  • Data Security Compliance and Data Breach Statistics
  • Cost of Non-Compliance Statistics
  • Compliance Management Statistics
  • Third-Party Compliance Statistics
  • Compliance Statistics by Framework
  • How Drata Can Help You Achieve and Maintain Compliance

Working in the compliance space is a marathon, not a sprint. Each year, new regulations roll out for different frameworks and industries. For many businesses, keeping up with change isn’t only a question of money. Knowing what changes are coming and how they affect you is half the battle. 

Across the globe, new rules and risks surrounding security compliance can vary. So, to help you stay on top of trends, we’ve compiled a list of the top 85 compliance statistics. We recommend taking it from the top, but you can also jump to a specific section below. 

Compliance Trends for 2023

2023 presents new challenges and changes in the compliance field. Whether you want to get up to speed on trends from previous years or check the pulse on new IT security and compliance standards, keep these statistics in mind:

1. 91% of companies plan to implement continuous compliance in the next five years (Drata).

2. 87% of organizations report negative outcomes resulting from low compliance maturity or reactive compliance (Drata).

3. Three in four organizations with some degree of continuous compliance report their approach drives business. By contrast, 76% of companies that use point-in-time compliance argue the related effort poses a burden (Drata).

4. 40% of teams continually review compliance controls with automation. 55% of teams conduct reviews in manual intervals. The remaining 5% only perform reviews when it’s required or right before an audit (Drata).

5. 41% of businesses without continuous compliance report slowdowns on the sales cycle as a result (Drata).

6. 67% of companies with continuous compliance have larger teams. On the other hand, just 50% of teams using point-in-time have large teams (Drata).

7. 71% of organizations rate their compliance capabilities as excellent or very good. By contrast, just 29% rate theirs as good or fair, and 0% self-rated as poor (Drata).

8. 77% of organizations with continuous compliance indicate an excellent or very good compliance rating. However, only 67% following point-in-time practices rated their compliance program as highly (Drata).

9. 74% of organizations report they are not able to properly address vulnerabilities due to limited budgets and resources (Drata).

10. 74% of organizations state that compliance is a burden (Drata).

11. Compliance training is the top priority for 42% of teams in 2023. Environmental, social, and governance (ESG) initiatives are one of the lowest priorities for compliance teams, with just 18% of respondents noting it (NorthRow).

12. 25% of organizations spend less than 1,000 hours on compliance a year. 35% spend 1,000 to 4,999 hours, 20% spend 5,000 to 9,999 hours, and the last 20% spend over 10,000 hours on compliance a year (Drata).


13. One-third of anti-money laundering compliance teams face insufficient data coverage and accuracy issues (NorthRow).

14. One in five KYC (Know Your Customer) checks takes more than 24 hours (NorthRow).

15. The average compliance onboarding success rate sits at 80% (NorthRow).

16. On average, 25% of business revenue is spent on compliance costs. 18% of businesses estimated that more than 50% of revenue is spent on compliance costs (NorthRow).

17. 40% of compliance teams use basic productivity tools such as word processors and spreadsheets to run processes (NorthRow).

18. 73% of leaders state that meeting compliance standards improves the perception of their business (NorthRow).

19. Businesses report the four most common barriers to compliance success as manual processes (16%), disconnected technology and legacy systems (15%), limited headcount (15%), and budget restrictions (14%) (Clausematch).

20. 57% of teams claim that current market trends led to reduced budgets or paused compliance transformation (Clausematch).

21. 41% of compliance specialists believe their compliance technology budgets will increase, and 42% think it will remain the same this year. Only 17% of respondents anticipate budget decreases (Clausematch).

22. 45% of compliance teams said they are comfortable shifting to cloud-based compliance technology (Clausematch).

23. 95% of compliance staff have built or are building a culture of compliance to share the responsibility across their organization (Accenture).

24. 93% of compliance teams agree that new technology like artificial intelligence and cloud software makes compliance easier (Accenture).

Global Compliance Statistics

Digital security and the global economy go hand in hand. No matter where you set up shop, international businesses must meet global standards. With that in mind, here are a few of the top global compliance statistics:

25. 83% of respondents to a European Banking Authority survey reported that they use AI, while 12% are developing and testing AI solutions (Thomson Reuters).

26. 66% of global compliance teams in 2022 said they expected the cost of senior compliance staff to increase. 47% of this group claimed budget increases accommodated the demand for skilled staff and knowledge (Thomson Reuters).

27. Russia’s invasion of Ukraine sparked an unprecedented round of sanctions causing anti-money laundering and know-your-customer departments to go into overdrive to comply with new requirements (Thomson Reuters).

28. 90% of compliance professionals in the Philippines, Mexico, Thailand, Indonesia, China, and Vietnam claim that privacy regulation has a positive impact on their business (Cisco).

29. Asia-Pacific countries had the highest percentage of compliance staff stating that privacy was an area of their responsibility. By country, the responses came out to: Indonesia (45%), Vietnam (43%), India (43%), and Malaysia (42%). The lowest percentages were in the U.K. (24%), Colombia (23%), France (22%), and Chile (19%) (Cisco).


30. 9% of businesses report the need to adapt compliance to global data protection and privacy laws (Clausematch).

31. Leaders claim keeping up with global regulatory and political change tops the list of challenges for 2023 (NorthRow).

Data Security Compliance and Data Breach Statistics

Data breaches can pose a worst-case scenario for any business. Compromised data can lead to fines, lawsuits, and the loss of crucial information. To help wrap your head around cybersecurity compliance standards, here are a few takeaways:

32. Identity-based attacks are rising, as 90% of web app breaches resulted from credential abuse (Verizon).

33. Over 60% of data breaches involve weak or stolen credentials (Verizon).

34. The average cost of a business data breach reaches $4.24 million per incident (IBM).

35. US organizations spend an average of $78.5 million on cybersecurity (Ponemon Institute).

36. 54% of organizations have experienced a cyberattack in the last year (Ponemon Institute).

37. 40% of teams faced a security breach caused by blind spots resulting from manual compliance practices (Drata).

38. One-third of compliance teams cite cybersecurity as one of their top concerns for the year (NorthRow).

39. Finance and healthcare are the two top sectors at risk of cybersecurity attacks—58% of financial organizations and 55% of healthcare organizations reported a third-party data breach in the last year (Ponemon Institute).

Cost of Non-Compliance Statistics


Ignoring compliance can be a costly mistake. To understand what's at stake, here are a few insights into the cost of non-compliance:

40. Meta owes the largest EDPB fine for non-compliant practices at 1.2 billion euros (European Data Protection Board).

41. Smaller companies with less than 5,000 employees rack up higher per capita compliance costs than larger businesses with 5,000+ employees (Globalscape).

42. Indirect costs, such as administrative fees, make up 40% of compliance costs. Direct costs, such as payments to auditors, represent 32% (Globalscape).

43. 47% of compliance professionals expect the cost of senior compliance staff to increase (Thomson Reuters).

44. Nine in 10 business leaders think evolving business, regulatory, and customer demands will increase their compliance operating costs by up to 30% (Accenture).

45. 61% of compliance officers anticipate increased spending on their compliance processes in the next two years (Accenture).

46. 54% of compliance staff believe artificial intelligence and machine learning will improve compliance and cut costs. However, many believe AI could become a source of disruption (Accenture).

47. 40% of compliance teams plan to invest in new tech to achieve proactive, shared compliance responsibility (Accenture).

Compliance Management Statistics


Compliance leaders have plenty of work on their plates. Executive decisions can vastly affect business outcomes as much as compliance automation or new tools. From internal audits to chief compliance officers, here are some interesting things to note: 

48. Businesses report the top skills for an ideal compliance officer are subject matter knowledge, clear communication, and anticipation of regulatory trends (Thomson Reuters).

49. The top areas compliance leaders want to invest in consist of compliance monitoring (13%), risk management (12%), and regulatory change management (11%) (Clausematch).

50. Over 50,062 chief compliance officers work in the U.S. (Zippia).

51. Chief compliance officers in finance make more than others working the same role in other fields (Zippia).

52. Over half of compliance leaders say they use leading technologies to improve their compliance functions and staff performance (Accenture).

53. The Institute of Internal Auditors (IIA) found that over three-quarters of audit teams don’t have modern technology solutions (IIA).

54. 37% of businesses perform one or more internal audits each year (Globalscape).

55. Among organizations that hired more internal auditors in 2021, the most-cited reason was the need to ensure adequate staffing (IIA).

56. If internal audit teams had more to spend on technology, their priorities would be data analytics software (68%) and audit management software (54%) (IIA).

57. Audit plan allocations tend to stay consistent year-over-year. Cybersecurity is the only area with allocation increases of over 2% (IIA).

58. 34% of businesses report that RegTech solutions affect how they approach compliance management (Thomson Reuters).

59. 65% of compliance managers said they are planning to invest in new compliance technology in 2023 (Clausematch).

Third-Party Compliance Statistics

Compliance issues don’t begin and end with your own company. Third parties you work with can introduce their own compliance concerns. Here are a few key insights about third-party risk management statistics:

60. 58% of compliance teams report that gauging vendor responsiveness is their top challenge with third-party risk management (ACA).

61. 48% of organizations report difficulty with tracking third-party compliance (MetricStream).

62. 48% of organizations lack a complete list of all third parties with access to their network (Ponemon Institute).

63. 39% of businesses listed vendor support issues as a primary reason for improving security frameworks (Ponemon Institute).

64. Cyberattacks targeting third parties have increased from 44% to 49% in the last year (Ponemon Institute).

65. In 34% of organizations, compliance departments oversee all third-party risk management themselves (Gartner).

66. 66% of legal and compliance leaders say third parties provide services outside their business’s core operational model (Gartner).

67. 73% of the effort devoted to risk identification is allocated to due diligence and recertification efforts. Meanwhile, only 27% of effort goes to identifying risks over the course of a relationship (Gartner).

68. 9% of businesses cite managing vendor relationships and third-party risk as their top priority (Clausematch).

69. 34% of organizations outsource at least some of their compliance functionality (Thomson Reuters).

70. 52% of compliance experts claim a lack of data and information about partners exposes a business to third-party risks (Accenture).

Compliance Statistics by Framework

Each compliance framework introduces its own considerations and trends. To stay on top of changes across frameworks, we’ll cover some of the most popular ones. 

HIPAA Compliance Statistics

For healthcare compliance information, check out these HIPAA compliance statistics:

71. Between 2009 and 2022, 5,150 healthcare data breaches of 500 or more records were reported. Those breaches have resulted in the leak of more than 382 million medical records (The HIPAA Journal). 

72. In 2022, an average of 1.94 healthcare data breaches of 500 or more records were reported each day (The HIPAA Journal). 

73. In the first quarter of 2023, 58% of ASETT (Administrative Simplification Enforcement and Testing Tool) complaints did not violate HIPAA rules (Centers for Medicare & Medicaid Services).

74. Hacking is the leading cause of healthcare data breaches over theft, ransomware attacks, or impermissible disclosures (The HIPAA Journal). 

75. 2022 was a record year for HIPAA enforcement, with 222 penalties issued (The HIPAA Journal). 


76. In 2022, 55% of the financial penalties imposed by the Office for Civil Rights were against small practices (The HIPAA Journal). 

77. Penalties can range from $100 per HIPAA violation up to a maximum of $25,000 per violation category per year (The HIPAA Journal). 

GDPR Compliance Statistics

With GDPR standards, countries in the EU can respond to digital security risks. Here are a few GDPR statistics to keep in mind:

78. The aggregate value of GDPR fines issued in 2022 was 50% more than the value of fines reported in 2021 (DLA Piper).

79. The aggregate fines reported from the application of GDPR on May 25, 2018 through Jan. 10, 2023 now come out to 2.92 billion euros, or $3.1 billion (DLA Piper).

80. 20% of compliance staff said they’ve changed their email provider to stay compliant with GDPR standards (Business 2 Community). 

81. 90% of compliance workers view GDPR compliance as the hardest to attain (Globalscape).

Additional Compliance Framework Statistics

Payment data security and international compliance standardization grow more important by the year. Below are a few takeaways on the state of compliance for the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001:

82. In the U.S., PCI fines can range from $5,000 to $100,000 per month until the issue is resolved (VikingCloud).

83. Organizations achieving full PCI compliance reached 43.4% in 2020 (Verizon).

84. The ISO has implemented 24,780 international compliance standards, with 1,412 standards added in 2022 (ISO). 

85. 168 countries have ISO members representing them (ISO).

How Drata Can Help You Achieve and Maintain Compliance

Maintaining compliance can be a time-consuming and difficult task. It also requires you to keep an ear to the ground to learn about framework updates and new regulations before they impact your business. 

If you’re having trouble achieving compliance, Drata can help. Our tool automates your compliance processes, ensuring you’re audit ready no matter what compliance framework you need to adhere to. Our flexible platform applies to different frameworks and industries. With a few clicks, you can put compliance on autopilot to focus on the service your customers love.

Schedule a demo with our team to learn more today. 

Richard Stevenson
Richard Stevenson's area of expertise focuses on building sound cybersecurity risk management programs and security policies that meet security compliance requirements. Richard is an AWS Certified Cloud Practitioner, CompTIA CySA+, and Shared Assessment Certified Third-Party Risk Assessor specializing in SOC 2, ISO 27001, NIST 800-53, NIST 800-171, SOX, HIPAA, third-party risk management, and enterprise risk management.

2023 Compliance Trends Report

Drata surveyed 300 established and enterprise organizations to tap the pulse of the state of risk and compliance. In doing so, we identified related trends, perceptions, and how compliance impacts the business. This year, the primary takeaway is that a mature compliance program will accelerate a business, not slow it down.
