100+ Compliance Statistics You Should Know in 2025

Ayush Saxena

Oct 10, 2024

Data security compliance is gaining momentum as one of the foundational elements of a successful business. The demand for IT security professionals, compliance officers, and data protection officers is growing, expenditure on compliance programs is increasing, and organizations are treating compliance as a key component of their overall strategy.

Some compliance professionals are still finding it difficult to secure the personnel and resources required to build a proactive and robust compliance program. Changing processes to address compliance risks and getting executive buy-in are still very real struggles for compliance teams. 

Did you know that 95% of businesses have established or are trying to build a culture of compliance as per Accenture’s 2022 Compliance Risk Study?

We’ve compiled a list of important compliance statistics that you can cite to bring awareness to your leadership team as well as other key business stakeholders about the importance of compliance. These statistics will also help you start out with your own compliance program and begin planning for 2023.

TL;DR: This article collects the latest insights and trends in the compliance industry so you can plan and prepare better in the ever-changing world of compliance, while learning from the gaps of the past.

Compliance Trends for 2023

The rapid pace of technological advancements is influencing compliance trends in 2023, presenting both opportunities and risks with emerging technologies such as artificial intelligence, the Internet of Things, blockchain, and cloud computing.

Organizations have been forced to rethink their operational resilience when it comes to the future of the compliance industry. With the disruption organizations continue to face due to the pandemic, companies have seen first-hand the need for, and the benefits of, a well-run risk and compliance management program.

We’ve compiled a few of the compliance trends compliance industry experts predict for the coming year. 

1. 93% of surveyed respondents in a compliance risk study conducted by Accenture agree that AI and cloud compliance tools remove human error, automate manual tasks, and prove to be more effective and efficient.

Source: Compliance Risk Study 2022 Report, Accenture

2. 90% of compliance leaders expect a 30% rise in the cost of compliance in the near future, although 72% of respondents don’t foresee any changes in their allocated budget in the next couple of years.

3. 19% of the breaches are a result of supply chain attacks, and a supply chain breach takes an average of 26 days longer to identify and contain as compared to the global average. 

Source: IBM’s Cost of Data Breach 2022

4. The global cyber security market size is estimated to reach USD 500.70 billion by 2030, at a CAGR of 12.0% from 2022 to 2030, according to a new study.

Source: Study by Grand View Research

5. Okta, a leading identity and access management (IAM) provider, shared in its 2022 report that 52% of its surveyed respondents had a zero trust architecture in place for all the right reasons.

Source: The State of Zero Trust Security 2022, Okta

6. 6% of the respondents in the Accenture survey cite a lack of sufficient organizational stature for the compliance function as a serious impediment to strengthening compliance.

7. The three areas of compliance that businesses plan to focus on in the future are enhancing internal compliance and regulatory assessments, improving employee awareness with more compliance training, and elevating third-party compliance.

Source: State of Compliance Survey Report 2021, MetricStream

8. 62% of businesses expect more compliance involvement in cyber security in the coming years. 

Source: Thomson Reuters’ Cost of Compliance Report 2021

9. Half of the survey respondents expect the compliance professional’s personal liability to grow in the next 12 months, and 10% expect it to rise significantly. 

Source: Thomson Reuters’ Cost of Compliance Report 2021

10. 34% of businesses say that regtech solutions are influencing the management of compliance. 

Source: Thomson Reuters’ Cost of Compliance Report 2021

11. 1,100 compliance and GRC professionals, when surveyed, ranked their top priorities for 2022 as:

  • Advertising and Marketing
  • Privacy and Cybersecurity
  • ESG (environmental, social, and governance)

Source: ACA Virtual Fall Conference Report 2021

12. The total projected cost of financial crime compliance in Canada and the U.S. for 2021 is $49.9 billion, a 19% increase from 2020.

Source: LexisNexis Risk Solutions’ 2021 True Cost of Financial Crime Compliance Study

13. Businesses are expected to adopt environmental, social, and corporate governance (ESG) practices and procedures over the coming decades due to climate-related disasters. Impacts from this will include supply chain management, operational and strategic decision-making, and investment decisions. 

Source: NavexGlobal Top Risk & Compliance Trends for 2021

14. 80% is the average compliance onboarding success rate.

Source: NorthRow

15. On average, 25% of company revenue is spent on compliance costs. 18% of organizations estimated that more than 50% of their income is spent on compliance costs.

Source: NorthRow

The current state of compliance

New technologies are being introduced as the compliance industry evolves to streamline and improve processes. When organizations take a proactive approach to implementing and solidifying their compliance strategy, they save time and resources while improving their overall security posture. 

Here’s how the compliance industry has evolved in recent years. 

1. 86% of businesses surveyed agreed that innovative digital technologies have aided them in identifying financial crime. 

Source: Refinitiv’s Global Risk and Compliance Report 2021

2. The leading risk among businesses for 2021 was business interruption (41%), inclusive of supply chain disruptions. This was followed closely by cyber incidents such as cybercrime, fines and penalties, and data breaches at 40%.

Source: Statista

3. 70% of risk and compliance experts agree that the pandemic has increased their reliance on technology to improve decision-making, risk management, and performance monitoring.

Source: Thomson Reuters’ Fintech, Regtech and the Role of Compliance Report 2021

4. Organizations have identified the top five risk and compliance functions that can benefit from technology as the following:

  • Regulatory reporting (24%)
  • Trade surveillance (32%)
  • Marketing reviews (41%)
  • Compliance policy/activity tracking (41%)
  • Vendor oversight (54%)

Source: ACA Key Trends and Forces Shaping Compliance and Risk Management in 2021

5. Vendors are being asked for strong cybersecurity practices. 44% of businesses say as part of a request for proposal (RFP), they are being asked for proof of cybersecurity. 

Source: ACA Key Trends and Forces Shaping Compliance and Risk Management in 2021

6. Risk and compliance programs are evolving. Navex Global found that the number of “mature and advanced” risk and compliance programs grew by 29%, while the number of “reactive and basic” ones decreased by 35%.

Source: Navex Global’s 2021 Definitive Risk & Compliance Benchmark Report

7. 34% of businesses outsource part or all of their compliance functionality. 

Source: Thomson Reuters’ Cost of Compliance Report 2021

8. If compliance were a country, U.S. regulation would be the eighth-largest economy globally. 

Source: CEI Ten Thousand Commandments 2021

9. When security professionals and CISOs are asked how to improve their company’s overall security posture, the top answer is upgrading security tools (67%). This is an effort that security professionals also report is being hampered by a lack of expertise, integration difficulties, and the sheer number of tools to manage.

Source: Netenrich’s Global 2021 Survey of IT and Security Professionals

10. 80% of surveyed respondents shared that they had a business continuity plan in place and that it helped them in navigating the pandemic’s impact. 

Source: Navex Global’s 2021 Definitive Risk & Compliance Benchmark Report

Data breaches by the numbers

Data breaches are a costly risk for organizations, highlighting the need for preventative measures to identify and rectify any potential weaknesses in an organization’s data protection. We’ve compiled a list of stats that highlight the common causes of data breaches and the costs associated with them.

1. 65% of organizations say they expect to spend more on cybersecurity and privacy resources in 2021.

Source: ACA Key Trends and Forces Shaping Compliance and Risk Management (2021)

2. Identity-based attacks are growing. Almost 90% of web application breaches were due to credential abuse, and phishing was the cause of more than a third of all breaches. 

Source: Verizon’s Data Breach Investigations Report 2021

3. 78% of businesses worldwide say zero trust has grown in priority, and nearly 90% are currently working on a zero-trust initiative.

Source: Okta’s State of Zero Trust Security 2021 Report

4. More than 60% of all data breaches are attributed to weak or stolen credentials.

Source: Verizon’s Data Breach Investigations Report 2021

5. Attacks targeting the financial sector, from February to April 2020, grew by 238%. 

Source: VMWare Modern Bank Heists Threat Report

6. The average cost of a data breach per incident in 2021 among companies surveyed reached $4.24 million, the highest in 17 years. 

Source: IBM

7. Remote work is an emerging risk factor for data breaches. When remote work was a factor in the incident, breaches cost over $1 million more on average.

Source: IBM

8. Customer personal data (such as email, name, and password) is a part of 44% of data breaches. 

Source: IBM

9. The total number of cyber attack-related data compromises year-to-date is up 27% compared to fiscal year 2020, with ransomware and phishing seen as the top attack methods.

Source: Identity Theft Resource Center Q3 2021 findings

10. 67% of organizations with between 5,001 and 10,000 employees plan to invest in employee security awareness programs, twice the number reported in 2019 (33%).

Source: Netwrix 2020 IT Trends Report

11. About 60% of organizations have over 500 accounts with non-expiring passwords, highlighting just one of the many inadequate security practices that leave organizations open for data breaches. 

Source: Varonis

12. By 2023, Gartner predicts that 65% of the population globally will have its private data covered and protected under modern privacy regulations. 

Source: Gartner’s State of Privacy and Personal Data Protection report

Leading Causes of Data Breaches

A data breach is any security incident in which unauthorized parties gain access to confidential information or sensitive data, including corporate data (customer data records, financial information, intellectual property) or personal data (Social Security numbers, healthcare data, bank account numbers).

Data breaches can be caused by one or more of the following factors:

  • Weak and Stolen Passwords
  • Social Engineering
  • Physical Attacks
  • Insider Threats 
  • Malware
  • Unpatched Applications

1. Osano reported that hackers were responsible for the largest number of data breaches, and hacker-caused data breaches, on average, exposed 17 times more sensitive data than other breach types (unintended internet disclosure, inside jobs, unintended physical disclosure).

2. Hackers and criminal insiders are responsible for 48% of data breaches.

Source: 2018 Cost of a Data Breach Study, IBM

3. Many organizations fail to understand how their data is used by their vendors. A study from Cisco reports that the average organization shares its data with as many as 730 different vendors and third parties. 

Source: Cisco

4. Two out of every three data breaches are caused by third-party vendors.

Source: Internal Auditors Research Foundation

5. 70 million data records were leaked or stolen in 2018 due to poorly configured AWS S3 cloud storage buckets.

Source: The 2019 Internet Threat Report from Symantec

6. Lax data access practices are the key reason behind so much sensitive data being left exposed. About 53% of businesses leave 1,000 or more files with sensitive data accessible to all employees, whether the employees are actually authorized to access the data or not.

Source: The 2019 Global Data Risk Report from Varonis

Compliance Statistics by Framework

Each compliance framework has its own considerations as well as trends. We’ll cover some of the most popular ones to stay on top of changes across frameworks. 

HIPAA Compliance Statistics

HIPAA is an essential compliance requirement for healthcare entities, aimed at safeguarding sensitive patient health information (PHI).

For the healthcare compliance industry, check out these HIPAA compliance statistics:

1. Between the years 2009 and 2022, 5,150 healthcare data breaches involving 500 or more records were reported. Those breaches have led to the leak of more than 382 million medical records.

Source: The HIPAA Journal 

2. An average of 1.94 healthcare data breaches in 2022, involving 500 or more records, were reported every day.

Source: The HIPAA Journal 

3. 58% of ASETT (Administrative Simplification Enforcement and Testing Tool) complaints in the first quarter of 2023 did not violate HIPAA rules.

Source: Centers for Medicare & Medicaid Services

4. Hacking is the leading cause of healthcare data breaches, ahead of theft, impermissible disclosures, and ransomware attacks.

Source: The HIPAA Journal 

5. 2022 was a record year for HIPAA enforcement, with over 222 penalties issued.

Source: The HIPAA Journal

6. 55% of the financial penalties in 2022 were imposed by the Office for Civil Rights against small practices.

Source: The HIPAA Journal

7. Penalties range from $100 per HIPAA violation up to a maximum of $25,000 per violation category per year.

Source: The HIPAA Journal

GDPR Compliance Statistics

The GDPR framework was created by the European Union to safeguard the personal information of citizens residing in Europe. It applies both to companies operating within the EU and to companies dealing with EU citizens.

GDPR standards give EU countries a common basis for responding to digital security risks. Here are a few GDPR statistics:

1. The aggregate value of GDPR fines issued in 2022 was 50% higher than the value of fines reported in 2021.

Source: DLA Piper

2. The aggregate total fines reported since the implementation of GDPR on May 25, 2018, to Jan. 10, 2023, total 2.92 billion euros, or $3.1 billion.

Source: DLA Piper

3. To stay compliant with GDPR standards, 20% of compliance staff said they’ve changed their email provider.

Source: Business 2 Community 

4. 90% of compliance workers regard GDPR compliance as the hardest to attain. 

Source: Globalscape

Additional Compliance Framework Statistics

International compliance standardization and payment data security gain importance every year. Below are a few takeaways on the state of compliance for ISO 27001 and PCI DSS:

1. PCI fines in the U.S. can range from $5,000 to $100,000 per month until the issue is rectified.

Source: VikingCloud

2. Organizations achieving and maintaining PCI compliance reached 43.4% in 2020.

Source: Verizon

3. ISO has published 24,780 international compliance standards, with over 1,412 standards added in 2022.

Source: ISO 

4. ISO members are represented in 168 countries.

Source: ISO

The cost of non-compliance

Non-compliance may lead to the loss of loyal customers and clients who hesitate to conduct business with an organization they view as unethical. Overall, the total cost of non-compliance is estimated to be greater than $14 million, including revenue loss, fines, penalties, productivity loss, business disruption, reputation damage and other fees.

Turning your organization into a well-oiled compliance machine can be a daunting task. But the cost and implications of not having such a program in place are greater than the cost of building that well-oiled compliance machine.

If you need a number on just how high the costs linked with poor compliance management practices can be, take a look at the data points below. 

1. 31% of surveyed respondents predict their compliance teams will expand in the next 12 months, down from 43% in 2018. 

Source: Thomson Reuters’ Cost of Compliance Report 2021

2. The projected total cost across financial institutions worldwide of financial crime compliance is $213.9 billion. 

Source: LexisNexis Global True Cost of Compliance 2020 Report

3. U.S. businesses have an average expense of $10,000 per employee on regulatory costs.

Source: CEI Ten Thousand Commandments 2021

4. In a single non-compliance event, organizations lose an average of $4 million in revenue.

Source: GlobalScape’s The True Cost of Compliance with Data Protection Regulations

5. The cost of non-compliance has increased by 45% since 2011. 

Source: GlobalScape’s The True Cost of Compliance with Data Protection Regulations

6. 50% of organizations agreed that they spend 6-10% of their revenue on compliance costs.

Source: Bloomberg

“Compliance becomes manageable when companies start early. As you hire more people, build bigger products and serve more customers, adopting a compliance culture early on ensures long-term ease and efficiency”

Gurudev Mallesha: ISO Lead Auditor at Sprinto
