Updated: April 18, 2026
150+ Compliance Statistics for 2026
Compliance programs underpin data protection, privacy and risk management across every industry, and the numbers show how rapidly the landscape is evolving. This article compiles more than 150 statistics from 2023–2026 reports and regulatory summaries to help security leaders benchmark their programs and assess regulatory exposure.
The figures are drawn from published reports and regulatory summaries from PwC, IBM, KPMG, the U.S. Department of Health and Human Services, FATF, Verizon, DLA Piper and others; each statistic names its source inline, and the source list at the end of the page gives the underlying publications.
Key Categories of Statistics
- Global compliance trends: adoption of frameworks, complexity and digital‑transformation drivers.
- Payment and data‑protection mandates: PCI DSS, HIPAA, ISO 27001 and GDPR adoption, data‑sovereignty priorities and enforcement activity.
- Threat vectors and compliance training: AI‑enabled breaches, automation, risk management maturity and training program characteristics.
- Industry‑specific impacts: insights for financial services, technology, manufacturing, healthcare and government sectors.
- Regional and country‑level breakdowns: average breach costs, GDPR fines and notification trends.
- Major breaches and risk management: cost differentials, third‑party diligence and challenges in ISAE/SOC reporting.
- Cost and vendor complexity: budgets, cloud‑adoption barriers, vendor counts and tool sprawl.
- Human impact on compliance teams: staffing shortages, expanded responsibilities and privacy‑program challenges.
Global Compliance Trends

- Digital‑transformation demand: 71% of companies expect to support digital‑transformation initiatives that require compliance involvement within the next three years. (PwC)
- New business models: 41% anticipate needing compliance support for new business models. (PwC)
- Growing complexity: 85% report that compliance requirements have become more complex over the last three years. (PwC)
- Impact on growth: 77% say rising regulatory complexity is constraining growth and innovation. (PwC)
- IT system challenges: nearly 90% say regulatory complexity hinders implementing new IT systems. (PwC)
- AI adoption barrier: two‑thirds of companies state that compliance complexity limits their use of artificial intelligence. (PwC)
- Top challenges: 47% rank regulatory complexity as their primary challenge, 34% cite organizational complexity, 29% note cultural issues and 28% identify resource capacity. (PwC)
- Technology adoption: 49% of organizations already use technology for more than 11 compliance activities. (PwC)
- Training and monitoring tech: 82% use technology for compliance training, 76% for risk assessment, 75% for monitoring and customer due diligence, and 72% for regulatory disclosures. (PwC)
- Investment plans: 82% plan to increase spending on compliance technology. (PwC)
- Coordination benefits: 59% report better decision‑making when compliance is coordinated across the organization. (PwC)
- Leadership ambition: only 7% consider their organizations compliance leaders today, but 38% aspire to be leaders within three years. (PwC)
- Centralized GRC: 91% of organizations have a centralized governance, risk and compliance team. (Hyperproof)
- Budget outlook: 63% expect risk and compliance budgets to increase in 2025. (Hyperproof)
- Team growth: 72% plan to expand compliance teams in the next two years. (Hyperproof)
- 89% of compliance professionals say AI speeds up internal compliance functions. (Thomson Reuters Future of Professionals Report 2024)
- 41% of financial firms expected in 2024 to spend more than 10% of their digital budgets on generative AI to meet compliance obligations. (Protiviti)
- 71% of respondents say AI will have a positive effect on compliance. (PwC Global Compliance Survey 2025)
- Nearly 90% of compliance professionals see AI as a force for good in compliance. (Thomson Reuters)
- 63% of executives say disaggregated data makes compliance harder. (PwC Global Compliance Survey 2025)
- 77% of records breached in 2024 involved third-party vendors. (Bluesight 2025 Breach Barometer Annual Report)
- AML transaction-monitoring systems commonly produce false-positive rates above 90%, illustrating how weak some financial-crime detection models remain. (Flagright)
- 76% of executives say rising compliance complexity has hurt their ability to establish and maintain third-party relationships and alliances. (PwC Global Compliance Survey 2025)
- 41% of CISOs say third-party visibility is the top priority for supply-chain cyber resilience. (Accenture Cybersecurity Resilience Report 2024)
- 40% of legal, compliance and privacy leaders rank strengthening third-party risk management among their top five priorities. (PwC Global Compliance Survey 2025)
- 35% of business and technology executives rank third-party breaches among their top threats, tying third-party compliance directly to cyber-resilience risk. (KPMG Third Party Risk Management Outlook 2024)
- SOC 2 examinations can cover 5 Trust Services categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. (AICPA)
- TrustNet lists SOC 2 Type II observation windows of 3, 6, 9, or 12 months. (TrustNet)
- Vanta states the total cost of achieving SOC 2 can range from $10K to $80K or more. (Vanta)

Payment And Data Protection Compliance Mandates

- GDPR applicability: 92% of surveyed organizations must comply with the EU General Data Protection Regulation. (Kiteworks)
- PCI DSS applicability: 58% must comply with the Payment Card Industry Data Security Standard. (Kiteworks)
- HIPAA applicability: 41% of respondents overall must comply with HIPAA, and nearly 97% of healthcare organizations do. (Kiteworks)
- Data sovereignty importance: 85% say data sovereignty is critical or very important for compliance. (Kiteworks)
- Annual budgets: 83% allocate at least $100,000 per year for web‑form security and compliance. (Kiteworks)
- Incident prevalence: 88% have experienced at least one web‑form–related security incident in the past two years. (Kiteworks)
- Breach via forms: 44% suffered a confirmed data breach through form submissions. (Kiteworks)
- Bot attacks: 61% were targeted by automated or bot‑driven attacks on web forms. (Kiteworks)
- SQL injection attempts: 47% experienced SQL‑injection attempts against form fields. (Kiteworks)
- Cross‑site scripting: 39% encountered cross‑site‑scripting attacks targeting form fields. (Kiteworks)
- Automated response: 48% use automated incident‑response workflows after detecting web‑form threats. (Kiteworks)
- Financial‑services sovereignty: 93% of financial‑services respondents rate data sovereignty as critical or very important. (Kiteworks)
- Tech sector sovereignty: 86% of technology companies consider data sovereignty critical. (Kiteworks)
- Manufacturing sovereignty: 80% of manufacturing organizations rate data sovereignty as critical. (Kiteworks)
- Healthcare sovereignty: 83% of healthcare organizations consider data sovereignty critical. (Kiteworks)
- Government data collection: 81% of government agencies collect government ID numbers via forms. (Kiteworks)
- FedRAMP and FIPS: 75% of government respondents require FedRAMP authorization and 69% use FIPS 140‑3 validated cryptography. (Kiteworks)
- ISO 27001 adoption: 81% of organizations have adopted ISO 27001 certification, up from 67% in 2024. (A-LIGN)
- HIPAA enforcement volume: the U.S. Department of Health and Human Services has received 374,321 HIPAA complaints and initiated 1,193 compliance reviews, and has resolved 99% of those cases. (HHS)
- Civil penalties: 152 HIPAA cases have resulted in civil monetary penalties totaling $144,878,972. (HHS)
- PCI DSS Requirement 4: 90.5% of organizations were fully compliant with PCI DSS Requirement 4 at interim validation in 2023. (Verizon)
- PCI DSS Requirement 11: only 47.6% were fully compliant with Requirement 11. (Verizon)
- Requirement 1 improvement: full compliance with PCI DSS Requirement 1 improved from 61.8% in 2022 to 74.6% in 2023. (Verizon)
Threat Vectors And Compliance Training Requirements

- AI‑driven breaches: 16% of data breaches involved attackers using artificial intelligence. (IBM)
- Access‑control lapses: 97% of organizations that reported an AI‑related breach lacked proper AI access controls. (IBM)
- AI/automation adoption: 32% of organizations use security AI or automation extensively, 40% use it to a limited extent and 28% do not use it. (IBM)
- Cost of automation: organizations without security AI and automation face average breach costs of $5.52 million, compared with $3.85 million for those that use it extensively. (IBM)
- Ad‑hoc risk management: 60% of organizations with ad‑hoc risk management experienced a data breach in 2024, compared with 41% of those using integrated or automated GRC tools. (Hyperproof)
- Tailored ethics training: 76% of compliance programs tailor ethics training for high‑risk employees. (Navex)
- Language support: 80% of programs offer training in employees’ native languages. (Navex)
- Hotline adoption: 53% of organizations operate a whistleblower hotline; adoption rates are 69% for large companies, 54% for mid‑size firms and 43% for small businesses. (Navex)
- Non‑retaliation policies: only 49% have an official non‑retaliation policy to protect whistleblowers. (Navex)
- Purpose‑built compliance tech: 78% use purpose‑built technology for ethics and compliance training and related program elements. (Navex)

Industry Specific Compliance Impacts
Financial Services Compliance Trends

- Data‑sovereignty priority: 93% of financial‑services organizations rank data sovereignty as critical or very important. (Kiteworks)
- Framework adoption: financial‑services respondents report high adoption rates of ISO 27001, SOC 2 Type II and PCI DSS certification. (Kiteworks)
- Executive reporting: 16% of financial‑services compliance professionals report potential regulatory changes directly to executive teams or boards. (PR Newswire)
- Geopolitical risks: 25% of financial‑services leaders anticipate significant strategic change due to geopolitical risks, and 8% believe those tensions could fundamentally alter their business models. (PR Newswire)
- Change‑management effectiveness: 21% rate their regulatory change‑management approach as somewhat or highly ineffective. (PR Newswire)
- Automation prevalence: 98% of financial‑services respondents automate at least part of their regulatory change‑management process. (PR Newswire)
- Implementation timelines: despite automation, it takes more than a year on average to fully implement regulatory changes. (PR Newswire)
- AI‑regulation volume: the CUBE report recorded 157 AI‑related regulatory insights for financial services in one year. (PR Newswire)
- 56% of enterprises were expected to have moved their compliance systems to the cloud by July 2025 to keep pace with a changing regulatory landscape and to standardize on international compliance frameworks. (Compliance and Risks)
Technology, Manufacturing, And Healthcare Compliance Impacts

- Sovereignty importance: 86% of technology companies consider data sovereignty critical or very important. (Kiteworks)
- GDPR applicability: 94% of technology companies must comply with GDPR. (Kiteworks)
- PCI applicability: 72% of technology organizations are subject to PCI DSS when handling payments. (Kiteworks)
- Sovereignty priority: 80% of manufacturing organizations rate data sovereignty as critical. (Kiteworks)
- Framework adoption: ISO 27001 adoption is strong among manufacturers, but SOC 2 Type II adoption varies widely. (Kiteworks)
- Legacy systems: manufacturing forms often rely on legacy systems, exposing supplier portals and warranty registration forms to cyber‑attack vectors. (Kiteworks)
- Sovereignty importance: 83% of healthcare organizations consider data sovereignty critical. (Kiteworks)
- HIPAA coverage: nearly all healthcare respondents must comply with HIPAA and 97% collect protected health information through forms. (Kiteworks)
- Attack patterns: healthcare forms experience high rates of cross‑site‑scripting and credential‑harvesting attacks. (Kiteworks)
- High‑value workflows: governments manage applications, benefits, procurement and citizen services through web forms, creating high exposure to bot attacks, credential harvesting and injection attempts. (Kiteworks)
- 56% of organizations in 2025 use purpose-built technology for third-party risk management, a sign of rising compliance maturity. (Cohesity)
- Employee hours dedicated to compliance increased 61% from 2016 to 2023. (Bank Policy Institute)
- 40% of compliance teams still rely on basic tools such as spreadsheets. (Drata)
- 77% of global C-suite leaders say compliance contributes significantly or moderately to business objectives. (Thomson Reuters Institute 2025 C-Suite Survey)
- 69% of risk and compliance professionals say keeping up with laws, policies and regulations is the most important factor in their decision-making. (NAVEX Global Risk and Compliance Statistics)
Regional And Country Level Compliance Breakdowns

- United States breach cost: IBM reports that the average cost of a data breach in the United States exceeds $10 million. (IBM)
- Global average breach cost: the 2025 global average breach cost was $4.44 million, a 9% decrease from 2024’s $4.88 million. (IBM)
- Noncompliance penalty: failing to comply with regulations adds $174,538 to the average breach cost. (IBM)
- GDPR fines: European supervisory authorities issued approximately €1.2 billion in GDPR fines in 2025. (DLA Piper)
- Breach notifications: notified personal‑data breaches increased by 22% year‑over‑year, reaching an average of 443 notifications per day. (DLA Piper)
- Aggregate fines: since the GDPR took effect in 2018, fines across surveyed jurisdictions have totalled €7.1 billion. (DLA Piper)
- Irish Data Protection Commission: Ireland’s Data Protection Commission has issued €4.04 billion in fines since 2018 and imposed the largest GDPR fine of 2025 (€530 million) for international data‑transfer violations. (DLA Piper)
Major Breaches And Compliance Risk Management

- Shadow AI cost premium: high levels of shadow AI increase average breach costs by $670,000 ($4.74 million versus $4.07 million). (IBM)
- Skill‑shortage premium: a high security‑skills shortage raises breach costs by $1.57 million ($5.22 million versus $3.65 million). (IBM)
- Automation savings: using AI‑driven security automation reduces breach costs by $1.67 million ($5.52 million without automation versus $3.85 million with extensive automation). (IBM)
- Third‑party screening criteria: when evaluating third‑party relationships, 58% of organizations screen for regulatory compliance, 54% for cybersecurity and data protection, 49% for financial health, 33% for human rights and 30% for litigation history. (Navex)
- Due diligence effectiveness: 84% agree that rigorous due diligence reduces third‑party risk. (Navex)
- Audit process labour: in Swiss ISAE and SOC reporting, an average of 44 controls per report are mostly manual and require one to five hours each. (KPMG)
- Team size: 63% of Swiss organizations have only one full‑time equivalent working on ISAE or SOC processes; 22% have two to five, 7% have six to ten, 4% have 11–15 and 7% have more than 15. (KPMG)
- Process maturity: 70% rate their ISAE/SOC processes as standardized but primarily manual, while about 20% claim well‑integrated automation supported by GRC tools. (KPMG)
- Evidence quality challenge: 37% cite the quality of evidence as the biggest challenge in ISAE/SOC reporting, while 32% cite turnover of control owners and 26% cite meeting deadlines. (KPMG)
- Manual effort: 59% of controls in Swiss ISAE/SOC reports take one to five hours to execute, while 41% take less than an hour. (KPMG)
Compliance Cost And Vendor Complexity

- Security budgets: 74% of organizations in Hyperproof’s benchmark have annual security budgets above $1 million, while 22% have budgets below that threshold. (Hyperproof)
- Budget constraints: 27% of Fortra survey respondents cite budget constraints as the primary reason for not moving to the cloud. (Fortra)
- Security concerns: 59% of organizations not moving to the cloud cite security concerns, down from 77% the previous year. (Fortra)
- Security vendors: 70% use fewer than ten security vendors, 21% use 11–20, 5% use 21–30, 3% use 31–40 and 1% use more than 50 vendors. (Fortra)
- Confidence in tools: 58% feel confident in their security tool knowledge, 20% are somewhat confident, 19% are very confident and 3% are not confident. (Fortra)
- Tool usage average: companies use an average of more than four tools to manage multi‑state compliance. (Mosey)
- Manual tracking: 55% rely on spreadsheets, 65% use calendar reminders and 67% depend on email alerts for compliance tracking. (Mosey)
- Compliance software adoption: only 37% have a dedicated compliance software platform, while 63% rely on a patchwork of general business tools. (Mosey)
- Proactive management: only 15% describe their compliance approach as highly proactive and 52% as somewhat proactive. (Mosey)
- Issue discovery: 59% discover compliance issues through state agency notices or penalties. (Mosey)
- Business disruptions: 33% experienced late filings that resulted in penalties, 29% encountered unexpected tax liabilities and 23% had audit findings, while 44% avoided major challenges. (Mosey)
- 58% of respondents report increased internal compliance costs over the last three years. (Coalfire Securealities Compliance Report 2023)
- 64% of CEOs view the regulatory environment as a barrier to value creation. (PwC CEO Survey 2024)
- 90% of compliance professionals in Asia-Pacific say privacy regulations benefit their business. (Cisco 2025 Data Privacy Benchmark Study)

Human Impact On Compliance Teams

- Skills shortage prevalence: 48% of organizations report a high security‑skills shortage. (IBM)
- Training adoption: more than half of privacy teams report that 90% or more of employees have completed privacy training, but one in five say fewer than 50% of employees have taken any training. (IAPP)
- Expanded responsibilities: 80% of privacy teams have taken on responsibilities beyond privacy. (IAPP)
- AI and data governance duties: 69% of chief privacy officers have assumed responsibility for AI governance, and 69% also oversee data governance and ethics. (IAPP)
- Challenge prevalence: 99% of privacy professionals report facing challenges delivering privacy compliance; 55% encounter five or more challenges and 15% face ten or more. (IAPP)
- Data‑protection officers: 70% of European organizations have at least one data‑protection officer, whereas only 40% of North American organizations have a DPO, and those that do average fewer than one full‑time equivalent in the role. (IAPP)
Cryptocurrency Compliance Risk Statistics
- Illicit cryptocurrency addresses received at least $154 billion in 2025, a 162% year-over-year increase. (Chainalysis 2026 Crypto Crime Report)
- Stablecoins now account for 84% of all illicit crypto transaction volume, up from 63% in 2024. (Chainalysis)
- Value received by sanctioned entities surged 694% year-over-year in 2025 — the single biggest driver of rising illicit volumes. (Chainalysis)
- Despite record nominal values, illicit activity still represents less than 1% of total on-chain crypto transaction volume. (Chainalysis)
- Illicit entity wallet balances (BTC, ETH, stablecoins) reached nearly $15 billion by July 2025 — a 359% surge from 2020. (Chainalysis)
- DPRK-linked hackers stole $2 billion from crypto platforms in 2025, their most destructive year on record. (Chainalysis)
- The February 2025 Bybit exploit alone netted nearly $1.5 billion — and only 3.8% of the stolen funds have been recovered. (FATF, Targeted Update on VA/VASPs 2025)
- Russia’s ruble-backed A7A5 token processed over $93.3 billion in less than a year before OFAC and EU sanctions designations. (Chainalysis)
- Americans reported $9.3 billion in cryptocurrency-related fraud losses in 2024 — a 66% jump from 2023. (FBI Internet Crime Complaint Center, 2024 IC3 Report)
- Crypto investment scams (including “pig butchering”) generated 41,557 complaints and $5.8 billion in losses in 2024, a 47% increase year-over-year. (FBI IC3)
- Complaints involving crypto ATMs and kiosks rose 99% in 2024, with reported losses of $246.7 million. (FBI IC3)
- Americans aged 60+ lost over $1.6 billion to crypto investment scams alone in 2024, the largest loss cohort of any age group. (FBI IC3)
- U.S. crypto fraud losses reached $11 billion across 181,565 complaints in 2025, up 22% from 2024. (FBI IC3, 2025 Internet Crime Report)
- Binance paid $4.3 billion in combined penalties (DOJ, FinCEN, OFAC, CFTC) in 2023 for Bank Secrecy Act and sanctions violations — the largest crypto settlement in history. (U.S. Department of the Treasury)
- FinCEN’s $3.4 billion civil penalty and OFAC’s $968 million penalty against Binance were the largest ever imposed by each agency. (U.S. Department of the Treasury)
- SEC monetary sanctions against crypto firms climbed 3,018% in 2024 to $4.68 billion, driven largely by the $4.5 billion Terraform Labs judgment. (Social Capital Markets analysis of SEC data)
- Since 2013, the SEC has levied over $7.42 billion in fines against crypto firms and individuals, with 63% of that total coming in 2024 alone. (Social Capital Markets)
- As of July 2024, 75% of assessed jurisdictions were only partially compliant or non-compliant with FATF’s AML/CFT standards for virtual assets. (FATF, 2024 Targeted Update on VA/VASPs)
- As of April 2025, only one jurisdiction globally was rated fully compliant with FATF Recommendation 15. (FATF, 2025 Targeted Update)
- 99 jurisdictions have passed or are in the process of passing legislation implementing the FATF Travel Rule — but supervision and enforcement remain low in most. (FATF, 2025 Targeted Update)
Compliance Training Statistics
- The global baseline Phish-prone Percentage stood at 33.1% before training, meaning roughly a third of employees interacted with phishing simulations before receiving security awareness training. (KnowBe4, 2025 Phishing by Industry Benchmarking Report)
- Ongoing security awareness training reduced the global Phish-prone Percentage from 33.1% to 4.1% after 12 months, an 86% decline. (KnowBe4, 2025 Phishing by Industry Benchmarking Report)
- Phishing click rates dropped 40% within the first 90 days of security awareness training. (KnowBe4, 2025 Phishing by Industry Benchmarking Report)
- Approximately 60% of data breaches involved the human element in 2025, including phishing, stolen credentials, errors, and misuse. (Verizon, 2025 Data Breach Investigations Report)
- Stolen credentials were the initial access vector in 22% of breaches in Verizon's 2025 dataset, keeping the top spot they have held for several years. (Verizon, 2025 Data Breach Investigations Report)
- Phishing accounted for 16% of initial access vectors in IBM's 2025 dataset, overtaking stolen credentials as the most common entry method in that report; the two reports draw on different incident populations, which is why their leading vectors differ. (IBM, 2025 Cost of a Data Breach Report)
- The global average cost of a data breach fell to $4.44 million in 2025, a 9% decrease driven largely by faster AI-assisted detection and containment. (IBM, 2025 Cost of a Data Breach Report)
- 28% of employees globally reported feeling pressured to compromise workplace standards or the law in the most recent Global Business Ethics Survey, up from 20% in 2019. (Ethics & Compliance Initiative, 2023 Global Business Ethics Survey)
- 65% of global employees observed misconduct in their workplace during the prior 12 months in the 2023 GBES, compared to 60% in 2020. (Ethics & Compliance Initiative, 2023 Global Business Ethics Survey)
- Only 26% of risk and compliance professionals surveyed said they factor specific risk areas into the selection of their training program. (NAVEX, 2024 State of Risk & Compliance Report)
IRS Audit Statistics
- The IRS closed 505,514 tax return audits in fiscal year 2024, producing $29 billion in recommended additional tax. (IRS, FY 2024 Data Book)
- Fewer than 0.4% of individual income tax returns were examined under FY 2024 examination coverage. (IRS FY 2024 Data Book, Compliance Presence)
- Individual returns reporting $10 million or more in total positive income had an examination rate of 7.9% under recent coverage. (IRS FY 2024 Data Book, Table 17)
- The IRS audited 3,861 individual returns reporting $10 million or more in income during FY 2024, with 3,270 handled as field audits. (IRS FY 2024 Data Book)
- Correspondence audits accounted for 77.9% of all IRS audits in FY 2024. Field audits made up the remaining 22.1%. (IRS FY 2024 Data Book, Table 18)
- Field audits produced $23 billion in recommended additional tax in FY 2024. Correspondence audits generated roughly $6 billion over the same period. (IRS FY 2024 Data Book)
- Approximately 0.66% of corporation returns were examined during FY 2024. (IRS FY 2024 Data Book)
- The Automated Underreporter Program closed 1.2 million cases in FY 2024, producing $7.7 billion in additional assessments. (IRS FY 2024 Data Book, Table 24)
- The IRS assessed $84.1 billion in civil penalties on individual, estate, and trust income tax returns during FY 2024. (IRS FY 2024 Data Book, Table 26)
- The IRS closed 2,481 criminal tax investigations in FY 2024, with 1,571 resulting in convictions and 1,198 taxpayers sentenced to prison. (IRS FY 2024 Data Book, Table 26)
FAQ
Yes. Regulatory requirements continue to expand across industries, with organizations facing overlapping obligations under data protection, cybersecurity, financial reporting, and sector-specific laws.
Yes. Many mid-sized and large organizations allocate millions of dollars annually to compliance programs, audits, training, and monitoring activities.
Yes. Regulatory fines, legal settlements, and remediation costs can reach millions or even billions of dollars, depending on the severity and scope of the violation.
Yes. Small and medium-sized businesses are frequently subject to the same regulatory frameworks as larger enterprises and can face substantial penalties for noncompliance.
Yes. Many regulators have expanded enforcement actions, particularly in areas such as data privacy, anti-money laundering, healthcare compliance, and cybersecurity.
Yes. Organizations with documented policies, internal controls, and ongoing monitoring are generally better positioned to detect issues early and mitigate enforcement exposure.
Yes. Public enforcement actions and breach disclosures often lead to reputational damage, customer churn, and loss of investor confidence.
No. Compliance obligations apply to organizations of all sizes when they operate in regulated industries or process regulated data, making structured compliance management relevant for startups and enterprises alike.
In compliance statistics, compliance usually means how well an organization follows applicable laws, regulations, standards, and internal policies, and the statistics measure outcomes such as audit findings, violations, training completion, policy adherence, and incident rates. ISO 37301 describes compliance management as a system for handling compliance obligations and adherence to laws, regulations, and ethical standards.
The “7 pillars of compliance” usually means the OIG’s seven fundamental elements of an effective compliance program: written policies and standards of conduct, a compliance officer and committee, training and education, communication channels, internal monitoring and auditing, disciplinary standards, and corrective action for detected issues. HHS OIG also labels this area as “Compliance Program Infrastructure: The Seven Elements.”
There is no single universal four stage model, but one common compliance maturity model uses four phases: Laggard, Compliant, Proactive, and Leader. Other frameworks use five levels, so the exact names can change across sources.
Sources
- A-LIGN — 2025 Compliance Benchmark Report: ISO 27001 Buyer’s Guide.
- Accenture — State of Cybersecurity Resilience.
- AICPA — Audit and Assurance — SOC 2.
- Bank Policy Institute — Survey: Compliance Is a Growing Demand on Bank Resources (2024).
- Bluesight — 2025 Breach Barometer Annual Report (2025).
- Cisco — 2025 Data Privacy Benchmark Study (2025).
- Coalfire — Securealities Compliance Report (2023).
- Cohesity — Six Predictions for 2025 (2025).
- Compliance & Risks — 25 Critical Stats Every Chief Compliance Officer Needs to Know in 2025 (2025).
- DLA Piper — GDPR Fines and Data Breach Survey (2026).
- Drata — 115 Compliance Statistics You Need to Know in 2025 (2025).
- Flagright — AML Compliance in the Era of Artificial Intelligence (2026).
- Fortra — 2025 State of Cybersecurity Survey (2025).
- Hyperproof — 2025 IT Risk & Compliance Benchmark Report (2025).
- IAPP — Privacy Governance Report (2024).
- IBM — Cost of a Data Breach Report (2025).
- Kiteworks — Data Security & Compliance Risk: 2025 Data Forms Survey (2025).
- KPMG — Swiss ISAE & SOC Readiness Study (2025).
- Mosey — 2025 Multi‑State Compliance Benchmark Report (2025).
- Navex — 2025 State of Risk & Compliance Report (2025).
- PR Newswire / CUBE — Cost of Compliance Report (2025).
- Protiviti — The Compliance Playbook: Navigating the Financial Services Industry’s Compliance Priorities in 2025 (2025).
- PwC — 29th Annual Global CEO Survey (2026).
- PwC — Global Compliance Survey (2025).
- Thomson Reuters Institute — 2025 C-Suite Survey (2025).
- TrustNet — SOC 2 Audit Process, Timeline & Costs.
- U.S. Department of Health and Human Services — HIPAA Enforcement Highlights.
- Vanta — SOC 2 Audit Cost.
- Verizon — 2023 Payment Security Report (2023).