Cybersecurity compliance is draining organizations’ IT budgets and holding back business performance.

That’s according to a new report from Coalfire and Omdia’s called “Compliance in the Era of Digital Transformation.” It outlines the impact of compliance in today’s world of increasing regulation, pandemic-driven communications and cloud migration.

The researchers polled IT and security executives from technology, financial services, manufacturing, health care, government and more.

Adam Shnider is Coalfire‘s executive vice president of cyber assurance services. He said compliance has changed dramatically over the last 10 years.

Coalfire’s Adam Shnider

“While MSSPs can continue to offer solutions … to support their customer compliance needs, the broader issues identified were the amount of time organizations spend managing and coordinating all their compliance needs,” he said.

One thing in particular stood out to Shnider. More than half of respondents said they are spending 40% of their security budgets on compliance. And by transforming their compliance programs, they could save 40-50% in expenses.

Organizations should integrate all of their tools to provide a more complete view of their security and compliance, Shnider said. MSSPs can help with this, but it mostly requires internal vision and direction, he said.

Cybersecurity Compliance Creates Performance Barriers

Nearly three in five (60%) companies said compliance is stopping growth. That includes expansion and preparing new compliance services.

Two in three (66% said automation, ongoing visibility and coordinated assessments are critical to transform compliance. That reduces audit fatigue and the total cost of compliance.

“While each compliance framework has its own nuance, the more companies work on gaining visibility into compliance posture by automating the most predictable will simplify compliance,” Shnider said.

Experts can help organizations streamline this process, he said.

“The challenge that most face are finding resources and experts that can support and scale with their needs, and integrate all the components of their compliance program to improve visibility to simplify their programs,” Shnider said.

“Despite the exponential growth in compliance obligations, our research shows that positive business and security outcomes are possible,” said Alan Rodger, Omdia senior analyst. “By adopting new best practices, some organizations are reporting 40-50% compliance resource savings. And many are using their improved security posture as a competitive differentiator.”