Over two-thirds of business leaders say their company needs to improve security and compliance measures, with a quarter rating their organization’s security and compliance strategy as reactive. That’s according to the Vanta State of Trust Report, which surveyed the behaviors and attitudes of 2,500 business leaders across Australia, France, Germany, the UK, and US to understand the challenges and opportunities they’re facing when it comes to security and trust management.
The research found that the rapid rise of generative AI and expansion of the attack surface, combined with shrinking teams and budgets, are fueling an urgent need for companies to improve – and prove – their security posture to maintain customer trust. Compounding the urgency is ever-evolving global regulation and the growing need to comply with an increasing number of standards. However, AI adoption is making secure data management more challenging with generative AI having the potential to erode trust, according to the report.
The industry recognizes the inherent risks of using generative AI without proper guardrails, including limited transparency into decision-making due to the vast number of weighted data points that large language models (LLMs) use, it added. As a result, 54% of the business leaders Vanta polled said AI regulation would make them more comfortable investing in it. Separate research from cybersecurity firm RiverSafe found that 95% of security leaders want the same in relation to AI cybersecurity. The report, titled AI Unleashed: Navigating Cyber Risks, revealed the attitudes of 250 cybersecurity leaders towards the impact of AI on cybersecurity.
Security and compliance strategies create stronger customer trust
Two-thirds of those surveyed said that customers, investors, and suppliers are increasingly looking for proof of security and compliance. Almost three-quarters (70%) of respondents said that a better security and compliance strategy positively impacts their businesses thanks to stronger customer trust, while 72% agreed that a better security and compliance strategy would make them more efficient. While 41% of businesses provide internal audit reports, 37% third-party audits, and 36% complete security questionnaires, 12% admitted they don’t or can’t provide evidence when asked. This number is lowest in the US (10%), but it increases to 16% in Australia, the highest of any country surveyed by Vanta.
Risk visibility, resource constraints impact security, compliance efforts
Risk visibility plays a key role in organizations’ ability to improve security and compliance, as do resource constraints, according to the report. Only four in ten respondents rated their company’s risk visibility as strong, with identity and access management (IAM) (39%) and data processing that doesn’t comply with regulations (38%) the two biggest blind spots for organizations. Meanwhile, 60% have either already reduced IT budgets or are planning to as they grapple with challenging global economic situations, with one in four having downsized IT staff. On average, only 9% of IT budgets are dedicated to security, further exacerbating resource constraints, the report found. The biggest barriers to proving and demonstrating security externally are a lack of staffing (33%) and a lack of automation to replace manual work (32%), it added.
Vanta Trust Center to help businesses showcase security and compliance
In conjunction with its report, Vanta also announced the launch of the Vanta Trust Center, a new offering to help companies showcase their security and compliance posture, build trust, and streamline security reviews. With use of Vanta AI, Trust Center significantly reduces the manual, repetitive tasks hampering security and sales teams, freeing up valuable time and resources while enhancing customer trust, the firm said.