Staffing and budget cuts shouldn’t come at the cost of security and compliance, according to Paulo Rodriguez, Head of EMEA, Vanta, a trust management platform.
UK organisations are operating in an increasingly complex security landscape. Three key factors are fuelling this: increased risk of cyber attacks in a hybrid world, shrinking resources and budgets and the explosion of Generative AI in our work and lives. The need to demonstrate a robust security posture is now more urgent than ever. But how prepared are UK businesses?
We asked that question as part of Vanta’s State of Trust Report and found that UK businesses have a lot more work to do. Two thirds (66pc) of organisations believe that their business needs to improve security and compliance measures. However, on average only nine percent of businesses’ IT budget is dedicated to security, making it harder for organisations to make meaningful changes.
Adding further pressure, 67 percent of businesses say that customers, investors and suppliers are increasingly looking for proof of security and compliance. Businesses could therefore lose sales if they can’t provide prospects with confidence that they’re a trusted vendor. Yet compliance isn’t always viewed as a top priority for organisations as they navigate economic headwinds. But this vicious circle leads to stagnation, and worse, missed growth opportunities. So how do UK businesses move forward, and build trust, with fewer resources?
The need to prioritise security
According to respondents, the biggest barriers to proving and demonstrating security externally are a lack of staffing and automation to replace manual work. This comes at a time when one in four (24pc) businesses surveyed say they have reduced IT staff. And it’s not just team size that’s decreasing. One in three leaders (33pc) say that their overall IT budgets are shrinking as they continue navigating the economic downturn, while 60pc have either already downsized IT budgets or are planning to.
And with workers spending an average of 7.5 hours per week (or 48 working days per year) on achieving compliance, or remaining compliant, it’s not simply a tick box exercise that businesses can overlook. The problem is that compliance is being deprioritised by nearly half (45pc) of UK businesses due to the time it takes. But this decision puts businesses at risk. Risk from exposure to cyber attacks, from reduced customer trust, and stunted growth.
Thankfully, new means to automate compliance are transforming the way companies demonstrate trust in an affordable and efficient way.
AI and compliance
For security and compliance, AI has the potential to be truly transformational. We know from the State of Trust Report that employees are spending hours on the necessary steps to become, and remain, compliant, or avoiding compliance altogether because of the time drain it creates. However, by automating the tedious compliance tasks that teams have no choice but to perform manually, businesses have more time to focus on the tasks that matter most whilst having peace of mind that their businesses are protected from security risk.
Many businesses already recognise the opportunity. Some 78pc already use, or plan to use, AI/ML to detect high risk actions. And respondents believe they could save at least two hours per week on average (three working weeks a year) purely across their various security and compliance tasks, if they had the automation to help. In particular, UK businesses believe that automation could provide a plethora of benefits, including: improving the accuracy of security questionnaires (43pc), eliminating manual work (43pc), reducing the need for large teams (34pc), and streamlining vendor risk reviews and onboarding (33pc).
Some 59pc of organisations also agree that their business is more likely to consider automating security compliance when scaling to different markets. Given the nuances of different market regulations around the world, any business with growth aspirations needs to ensure they don’t fall at this hurdle. One crucial way to do that is through use of a trust management platform.
Tipping point for trust management
Trust management is a holistic approach to defining, managing, maturing, and proving your security and compliance commitments. It’s a concerted and intentional effort to both become more secure and communicate that security to instil confidence in prospects and customers.
Supercharged by AI, trust management is critical to reducing the tedious and repetitive security tasks that pull teams away from their most strategic work. For companies at the forefront of this disruption, centralising security processes, automating compliance, and accelerating security reviews can turn trust into a truly marketable advantage.




