Organizations flocked to cloud services in record numbers last year, with a growing share of IT budgets devoted to cloud and third-party technology. While cloud operations offer businesses many benefits, third-party risk management hasn’t kept pace with the speed at which enterprises and small- to medium-sized businesses (SMBs) are adopting, and coming to rely on, technology services outside their own firms.
Almost half of all companies say IT risk management is one of their top three critical threat areas. As a result, IT departments are taking a more prominent role in compliance.
Faced with siloed departments using multiple SaaS platforms, different supply chain vendors, and individual users with uneven security practices, IT compliance has become more difficult to track and enforce for many administrators.
2024 has shown that there is hope on the horizon for more effective compliance strategies. Companies are learning how to coordinate across departments, utilize purpose-built technologies, and enlist the help of AI for compliance.
Knowing how other organizations handle third-party risk management can help you make your cloud environment more secure and up to the standards set by regulators. The following trends and statistics were put together so you can get a better picture of where your compliance program stands with third-party risks.
Editor’s Picks: IT Compliance Statistics
Centralizing compliance was one of the toughest challenges organizations faced in 2024. Emerging cyberthreats, new regulations, a lack of resources or trained personnel, and multi-cloud environments were familiar foes for many organizations.
- 61% of organizations reported a third-party data breach or incident in the last year.
- 50% of companies use spreadsheets and other unintegrated tools to manage third-party vendors.
- Coordinated third-party risk management is only deployed at 31% of organizations.
- Almost 67% of third-party vendors are unmanaged due to lack of resources.
- Once a risk is identified, only 46% of companies take the necessary steps to fix vulnerabilities.
- 35% of organizations state security issues prevent them from faster cloud adoption.
- 65% of businesses give priority to cloud investments that improve security and compliance.
2024 Compliance Trends
With cloud budgets comprising almost one-third of IT spending in 2024, several trends came along with the continued migration to cloud services.
Overall, data breaches continued to be a top concern for compliance officers. In a recent survey by Prevalent, 74% of professionals said a cybersecurity incident caused by insufficient vendor security was their biggest fear. Data breaches are costly: downtime, legal fees, regulatory fines, and the potential loss of customers. The good news is that the rate of incidents improved slightly, decreasing from 30% of compliance issues in 2023 to 28% in 2024.
However, while data breach numbers improved overall at the industry and organizational levels, the rate of third-party data breaches rose sharply, up 49% year over year from 2023 to 2024.
As with just about everything else, artificial intelligence (AI) was a hot topic in compliance in 2024. Updated U.S. Department of Justice (DOJ) guidance on corporate compliance programs, which asks companies to assess and manage AI-related risks, made the technology a focal point in compliance faster than many organizations anticipated.
While many are concerned about the risks of AI, there are also benefits to using AI to streamline compliance processes like monitoring, fraud detection, and predictive analytics. At this point, most companies are still behind the curve with AI and there are concerns about security and integration with existing employees, assets, and systems.
Compliance audits are taking place more frequently as regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) take effect and are enforced.
Here are some key stats that highlight these IT compliance trends in 2024.
- The number of organizations affected by public cloud security incidents increased 10% from 2023 to 2024.
- An IBM study found that over 80% of data breaches in 2023 involved data stored in cloud environments.
- A report issued by Cybersecurity Insiders revealed that 54% of companies have a difficult time meeting regulatory standards in hybrid and multi-cloud environments.
- In the same report, 91% of cybersecurity and compliance professionals felt their systems were not prepared to handle zero-day attacks or respond to newly discovered vulnerabilities.
- Almost 60% of organizations say their current SaaS security operations protect less than half of their SaaS applications.
- The use of AI compliance monitoring grew from 20% to 38% year over year from 2023 to 2024.
- Deployment of generative AI for fraud protection doubled from previous levels in 2024.
- New regulations led to a 42% increase in compliance audits, especially in the financial and healthcare industries.
- 89% of risk and compliance professionals faced issues in third-party risk audits that could not be promptly resolved.
- Use of automated compliance audit tools rose to 55% in 2024, up 11 percentage points from the year before.
- Only 54% of CISOs are confident their organization is prepared to meet the demands of new regulations.
Anticipated Regulatory Changes
This year, regulators tightened controls on IT compliance, supply chain security, AI, and data management.
- In March 2024, PCI DSS v4.0 became mandatory for organizations handling payment card data, with its future-dated requirements due in March 2025. The standard sets new rules for how vulnerabilities are addressed and strengthens threat detection requirements.
- The National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF 2.0), released in February 2024, expanded its guidance on managing third-party and supply chain risks.
- The U.S. DOJ is expected to continue to monitor and tighten its compliance policies related to AI.
- The EU’s Cyber Resilience Act (CRA) introduced mandatory cybersecurity requirements for products with digital elements, including both hardware and software.
- U.S. federal agencies, the EU, and the financial services industry are all moving toward continuous, automated compliance monitoring in place of periodic human-led audits.
In the next year, these trends are expected to evolve.
- The EU AI Act, in force since August 2024, begins its phased application in 2025.
- The SEC’s amended Regulation S-P will require covered financial firms to notify affected individuals of a data breach within 30 days of becoming aware of it.
- Software supply chains are under increasing scrutiny from regulators and can expect more requirements, especially where open-source components are involved.
- Environmental, social, and governance (ESG) practices will require additional reporting and disclosures.
Technology Trends in Compliance
In 2024, many organizations were on the lookout for new solutions, after realizing their established compliance processes were incapable of handling evolving third-party risks and regulations.
The transition from manual tools like spreadsheets and nonintegrated, single-point strategies is starting, with 64% of companies turning to purpose-built technology and integrated platforms for compliance management. The use of AI for compliance functions rose 31% between 2023 and 2024 and is expected to continue to climb into next year.
Evolving strategies to manage cybersecurity and data breaches also made up some of the top technology trends in compliance this year.
- 70% of companies turned to cloud-based compliance solutions, up from 65% in 2023.
- Almost two-thirds of organizations plan to fund AI systems as purpose-built compliance tools in the next year.
- 61% of organizations implemented hotline or internal reporting policies to identify compliance issues and cybersecurity threats.
- According to a study by Prevalent, 70% believe AI will significantly impact compliance within five years.
- 58% of compliance teams increased cybersecurity monitoring in response to new regulatory policies.
- Large and enterprise organizations (over 10,000 people) led the way in the use of integrated compliance tools, with 87% deploying dedicated monitoring and reporting tools.
- 77% of compliance teams that made the shift from single-point tools to dedicated platforms reported improvements in third-party risk management across the vendor life cycle.
Predictions for Future Compliance Challenges
Regulations will only get more complex as work environments evolve, AI systems become more sophisticated, and cybercriminals uncover new vulnerabilities. Over the next three years, 62% of companies plan to increase their focus on cybersecurity training, 59% on data privacy, and 39% on AI, and each brings its own set of compliance challenges.
As data privacy becomes a greater concern and cybercriminals find new weaknesses to exploit, compliance programs will need to establish systems that continually monitor and address cybersecurity and privacy risks. Automated tools will need to be scalable and integrated across departments to ensure compliance demands are met in real time.
Organizations will need to find adaptable solutions as different data and privacy laws are enacted across regions and localities. Currently, the EU’s GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and China’s Personal Information Protection Law (PIPL) set the benchmarks for data and privacy, but no single regulation applies globally. This could lead to variations in auditing and a higher volume of audits from a multitude of agencies, creating a need for automated auditing systems to keep up with the demand.
Governing bodies will likely author new legislation for cloud-based environments which may involve data residency and sovereignty requirements. Data security incidents and third-party breaches will need to be reported in quicker and more streamlined ways.
With governments taking a closer look at environmental, social, and governance issues, ESG compliance will need to be integrated into existing risk analysis and reporting frameworks.
As AI plays a bigger role in compliance, so will scrutiny from regulators. Safeguards could be placed on AI systems to address issues related to bias, accountability, and decision-making processes.
Compliance Costs
The cost of compliance differs across industries, with heavily regulated sectors like finance and healthcare facing steeper expenses. The need for properly staffed compliance teams will also grow with the adoption of third-party vendors and new regulations. On average, a mid-sized organization’s IT compliance costs can range from $100,000 to $1 million per year, and rise far higher when fines or lawsuits over noncompliance are involved.
- When dealing with data or security breaches, organizations with a high level of noncompliance faced average costs of over $5 million compared to costs of around $500,000 for organizations that maintained compliance.
- The cost of a third-party data breach is 40% higher than the cost of an internal security breach.
- Almost 50% of compliance professionals said standardizing compliance frameworks across their company would reduce costs. And two-thirds said that using technology to automate manual processes would provide the biggest cost savings.
- 61% of executives expect the cost of senior compliance officers to increase over the next 12 months.
Vendor Risk Management
With the cost of data breaches and noncompliance rising, many organizations are reassessing how they handle third-party risk. While 86% of respondents in Prevalent’s Risk Management Study said they had a third-party risk management system in place, 33% said their current system was inadequate for addressing third-party compliance.
- 98% of organizations report working with a third party that has been breached.
- 73% of organizations experienced a significant security incident caused by a third party within the last three years.
- 75% of third-party breaches were attacks against the software supply chain.
- Only 34% of compliance professionals believe a third-party vendor would notify them of a data breach.
- 62% of organizations say understaffing is the biggest challenge in protecting against third-party breaches.
As third-party and supply chain risks draw more focus, several trends have emerged to combat them. Companies are turning to security ratings services that provide a more detailed picture of the risks associated with each vendor. Purpose-built, integrated technology is being used to assess third-party risk in something closer to real time. Cross-departmental integration and employee training are helping to identify risks and vulnerabilities faster. Contractual requirements and SOC 2 reports, which attest to a vendor’s controls over a defined period rather than guaranteeing ongoing compliance, are being used to confirm that third parties comply with data and privacy laws and have incident response plans in place.
Cloud Security and Compliance
Cloud environments bring a unique set of challenges that organizations need to adapt to. Data residency requirements are changing across the globe under regional regulations like the GDPR. Organizations face more stringent rules around encryption and must ensure data is encrypted both in transit and at rest.
Maintaining visibility into, and monitoring of, third parties is difficult to do manually, which is leading more companies to seek automated solutions.
Cloud misconfigurations are one of the leading causes of data breaches. Organizations are turning to AI systems to detect misconfigurations and vulnerabilities more efficiently, but remediating what is found is still slow for many organizations.
- 65% of organizations reported facing obstacles protecting cloud data.
- 90% of organizations face budget, visibility, or compliance management issues when adopting cloud technologies.
- 59% of companies are establishing roles to manage cloud control and compliance costs.
- 34% of organizations plan to make enhancements to cloud security and governance in the next year.
Achieve and Maintain Compliance with JumpCloud
Though IT compliance gets more complex every day, JumpCloud can help simplify compliance for your organization. Learn how our open directory platform expands your capabilities to monitor compliance data and gives you the tools to prepare for an audit.
With JumpCloud you gain visibility and complete control over your IT environment. You’ll be able to manage access privileges and prevent unmanaged devices from accessing your network and services.
Sign up for a free trial to see how JumpCloud helps to meet your security and compliance needs.