By streamlining compliance, companies can focus more on security

A-LIGN released its 2022 Compliance Benchmark Report, highlighting the concern over increased threat of ransomware attacks and the need for organizations to adopt a more streamlined approach to their compliance requirements.

The survey was conducted from November 2021 through January 4, 2022, with all 732 survey respondents comprised entirely of IT, security and compliance professionals.

“This year’s Benchmark Report brings the organizational compliance mandate into sharp focus,” notes Patrick Sullivan, author of the report and VP of Customer Success at A-LIGN.

“C-suite executives are placing more and more importance on the value of compliance programs to drive a growth mindset in their organizations as well as a culture of security best practices. By streamlining compliance, companies have more cycles to focus on core security issues along with a tighter handle on the critical security controls necessary to prevent ransomware and implement zero trust.”

Central to the report’s key findings is the continued increase in the centralization and automation of compliance programs. The use of some form of software during audits and assessments is up to 72% from 25% in 2021. Yet, 85% of respondents are still routinely conducting two or more audits annually with a staggering majority using multiple auditors. As companies look to continue streamlining their compliance programs, consolidation is a major theme.

Also telling were the reasons driving compliance activities. The largest number of respondents stated that they needed to show compliance due to customer requests to gain new business. Close behind, the second most common driving factor was attributed to C-level and board security compliance mandates.

Key findings

• Organizations bolster cybersecurity defenses against ransomware and cyberattacks: 40% of respondents are planning to develop a ransomware preparedness plan.
• Zero trust grabs the spotlight as an essential cybersecurity strategy: Over half of respondents (58%) agree/strongly agree that zero trust is a strategy they must implement in the next 12 months.
• Companies are wasting time and money by not consolidating audits: Only 15% of organizations practice audit consolidation. 85% conduct two or more audits annually. 65% use two or more auditors.
• Proactive compliance management creates value and earns new business: 22% of respondents said they lost a new business deal due to a missing compliance certification.
• Explosive adoption of audit software used to assist compliance efforts: 72% of organizations are using some form of software during their audits and assessments, up from 25% last year.

Since organizations are implementing more (and more complicated) compliance programs and are worried about ransomware, proper planning is the theme of this year’s best practice takeaways.

• Develop a ransomware preparedness plan: Ransomware isn’t going away anytime soon, and attacks will likely become much more prevalent throughout the course of this year. The best way to brace for — and mitigate — the impact of a ransomware attack is to have a comprehensive plan in place.
• Create a master audit plan: Organizations’ greatest compliance challenges are all found to be related to a lack of strategic alignment in their compliance programs. A Master Audit Plan (MAP) provides a simple yet powerful way for companies to design an audit strategy that provides greater visibility into the efforts required from each team or department, what is needed for each audit, and which pieces of evidence can be repurposed.
• Move from tactical to strategic compliance: For compliance to realize its full potential, companies must embrace a mindset in which the compliance function is part of the organization’s strategic and leadership big picture.