New Resource: 2023 Compliance Trends Report

Drata has released our inaugural zeitgeist research report tapping the pulse of risk and compliance: 2023 Compliance Trends Report. Discover the latest trends and insights on risk and compliance based on input from established and enterprise companies.
by Elliot Volkman

February 14, 2023

There’s a mind shift on the horizon, and the way organizations implement risk and compliance programs will significantly change for the better. Currently, manual or point-in-time compliance is perceived as a box to check and occasionally a burden. This is not surprising as companies spend an average of 4,300 hours annually achieving or maintaining compliance, and their perception is based upon their outcomes.

Fortunately, in the past few years, compliance programs have seen great strides in scalability, better alignment with cybersecurity concepts, trust-building capabilities, and enabling sales teams.


It’s for this reason that this year’s 2023 Compliance Trends Report homes in on the most significant trend—the rise of continuous compliance. Based on analysis, 100% of organizations that have yet to achieve the increased level of maturity see value in it, and across the next five years, 99% plan to achieve some level of continuous compliance.

The Rise of Continuous Compliance

For decades, compliance has been seen as a point-in-time concept. Organizations would manually collect evidence, present the information to a third party who validates their ability to secure data and information, and in turn a document is created. However, this process leaves itself open to blind spots between audits and review cycles, and changes won’t be reflected within the initial document.

Though sufficient in its time, compliance concepts have changed over the years, and static reports do not offer the same value they once did.


During that time, compliance was frequently treated as a baseline or a checkbox that organizations must align with to prevent fines and reduce the possibility of breaches or other security incidents. 

Arguably, this is because the systems in place are considered arduous, burdensome, and require a steep learning curve to those who haven’t started their compliance journey elsewhere. This is particularly detrimental to startups and small businesses who are already resource-constrained, but have a vision of their own to follow. 

For some organizations, compliance can be misconstrued as a form of cybersecurity, because on the box, that is what it spells out—a system that requires processes and controls to ensure information is secure. Point-in-time compliance offers the foundation for cybersecurity, but is missing the critical element that allows it to truly bridge the gap; the difference being between reactive, active, and proactive states of compliance maturity.

In our first article in the series, we highlighted why nearly all organizations are planning to move to continuous compliance in the next five years, but the consequences of point-in-time compliance speak volumes:

According to the 2023 Compliance Trends Report, four out of five organizations have indicated negative consequences due to a reactive or manual approach to compliance. These ranged from slower sales cycles (41%) to security incidents (40%) and fines (24%).

Beyond problematic trends, organizations feel that compliance should accelerate business, and it’s clear that moving towards continuous compliance enables that outcome.

Stay tuned to Trusted as we pull more insights and trends from the report, or subscribe to our newsletter and we’ll send them right to your inbox.

If you’re interested in learning more about the current and future state of compliance, you can access the 2023 Compliance Trends Report here or discuss it in our community, Secured.

Elliot Volkman
Former Director of Brand, Content, and Community