Cybersecurity risks are the biggest concern for business leaders in 2024, higher than financial and operational risk
1 in 2 organizations detect and respond to cybersecurity threats at least once a week
11 weeks a year are spent on compliance tasks, up from 10 weeks in 2023
Vanta, the leading trust management platform, today released its annual State of Trust Report 2024, an in-depth analysis uncovering global trends in security, compliance and trust.
A majority (55%) of organizations say the security risks for their business have never been higher, yet the average company only dedicates 11% of its IT budget to security — far from the ideal allocation of 17%, according to business and IT leaders. The rapid adoption of AI only adds to the risks with phishing attacks (33%), AI-based malware (32%), and compliance violations (27%) increasing since AI has become far more prevalent in the last year.
Also Read: CIO Influence Interview with Amer Deeba, CEO and Co-founder of Normalyze
While AI is becoming more mainstream, the way companies approach training their AI models and communicating their practices to customers is nascent and varies widely. About 1 in 4 (27%) use only anonymized customer data while less than one-third of organizations (31%) use a mix of customer and synthetic data. And while 25% of organizations require customer opt-in to use their data for AI training, over 75% of companies don’t offer an opt out option.
Conducted by Sapio Research on behalf of Vanta, the State of Trust Report 2024 surveyed the behaviors and attitudes of 2,500 business and IT leaders across the U.S., UK and Australia, to uncover the latest trends shaping security and compliance.
Increasing risks intensify the compliance burden
With a growing reliance on third-party vendors and AI in business today, the security landscape has never been more challenging. At the same time, security leaders and their teams face an increasing compliance burden. Time spent on manual security compliance tasks increased to over 11 weeks in 2024 — up from 10 weeks in 2023. Additionally:
- Nearly two-thirds (65%) of organizations say that customers, investors and suppliers require more demonstration of compliance than before
- IT decision makers spend an average of 6.5 hours per week assessing and reviewing vendor risk
- 1 in 2 (50%) organizations detect and respond to cybersecurity threats at least once a week
- 46% of organizations say that a vendor of theirs has experienced a data breach since they started working together with them.
- 62% agree that third-party breaches negatively impact their organization’s reputation
- Only 2 in 5 (37%) organizations have or are currently conducting regular AI risk assessments
- A mere 36% have, or are in the process of, implementing a company AI policy
Also Read: Lenovo Introduces Tailored Partner Journeys with Lenovo 360 to Meet Evolving Needs of the Channel
Despite all countries continuing to grapple with the unique set of security and compliance challenges, the survey findings illustrate the vast differences experienced across timezones:
- 48% of U.S. organizations have had a vendor experience a data breach since they started working with them — the highest of all markets surveyed
- Organizations in the U.K. spend the most time on compliance tasks —12 weeks a year versus 10 weeks in 2023
- Companies in Australia have the least insight into vendor risk, with only 17% having “strong” visibility
- U.S. companies are most concerned around internal use of AI and the risks it poses for the security of the organization (53%)
- 55% of organizations in the U.K. have increased their investment in AI for security operations, 10% more than the U.S. and 18% more than Australia
- Only 28% of companies in Australia have, or are in the process of putting, a company AI policy in place —- the lowest of all markets
Good security is good business
As the security expectations of customers grow, leaders recognize the business value of investing in building and demonstrating trust. Nearly half (48%) believe good security practices drive customer trust while 46% recognize that good security practices lead to reduced financial risks.
When used in the right way, AI and automation can help security teams increase efficiency, free up time for strategic work and deliver more business impact. On average, security teams could save between 3-5 hours a week by automating activities like user access reviews, employee management and answering security questionnaires. Nearly half (44%) of organizations say that their investment in automation for security operations has increased over the past year.
“To uphold trust in an AI world, security leaders need to go beyond the standard way of doing things,” said Christina Cacioppo, CEO, Vanta. “They need to make trust continuous, collaborative and automated across their business. Trust management allows organizations to reduce risk, build customer confidence, and accelerate revenue growth.”
Going beyond the standard with trust management
On November 20, Vanta will host VantaCon 2024: Beyond the Standard, bringing together security’s brightest minds for a half day of keynotes and expert panels. Speakers including Jason Chan, former VP of Security, Netflix; Rinki Sethi, CISO and CIO, BILL; Mike Johnson, CISO, Rivian Automotive; Charles Nwatu, Security Engineering, Netflix; Varun Gurnaney, Security Engineer; Bryan Culp, Trust and Quality, Box; and Phil Grove, Ecosystem, Atlassian, will explore how companies can challenge, rethink and go beyond the expectations of the security and compliance industry.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]