A recent AuditBoard report found that 91% of security professionals feel "concerned" about cybersecurity threats.
Executives may view periodic updates as "real-time," while practitioners frequently rely on manual processes and spreadsheet-based reporting, which are often far from real-time. The report found that 92% of executives say they have real-time insights into compliance posture, compared to just 69% of management professionals, highlighting the disconnect between the perceived timeliness of data and the operational reality.
Ninety percent of professionals surveyed report that conformance with the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2), and/or the EU AI Act will impact their workload. InfoSec professionals feel the weight of compliance efforts most, with 38% expecting to be impacted to a great extent, compared to 29% of risk management professionals and 28% of IT professionals. Increased workloads could lead to a greater risk of noncompliance as teams struggle to stay afloat on daily tasks.
Compliance with NIS2 is reported to be a high priority amongst organizations surveyed (61%). However, 52% of organizations report being compliant, while another 44% plan to meet requirements by the end of next year. While 63% of those claiming compliance report having transparency measures in place, 55% say they have implemented risk management frameworks, and just over half (51%) execute comprehensive risk assessments.
Eighty-three percent of professionals are concerned about third-party AI use in regard to compliance with the EU AI Act. However, even more of those surveyed (91%) do feel that the EU AI Act will positively impact their organization's use and development of AI applications.