85% of Firms Rethink GRC as Resource Strains Mount
Event summary
- 85% of organizations are delaying or eliminating legacy GRC activities due to resource constraints
- 95% have implemented some level of automation in GRC, but only 4% have achieved full end-to-end automation
- 64% report significant or transformational improvement from AI adoption
- Report based on survey of 253 InfoSec leaders across industries including financial services, healthcare, and tech
The big picture
The 2026 State of Continuous Controls Monitoring Report highlights a critical inflection point in governance, risk, and compliance (GRC) as organizations struggle with manual processes and resource constraints. With 83% of firms reporting delays due to manual compliance work, the shift toward automation and real-time monitoring is accelerating. This trend is particularly pronounced in heavily regulated industries like financial services and healthcare, where the cost of non-compliance continues to rise.
What we're watching
- Automation Adoption
- The pace at which organizations will achieve full end-to-end automation in GRC processes
- Regulatory Pressure
- How rising regulatory expectations will impact organizations' ability to modernize GRC approaches
- Workforce Strain
- Whether organizations can address the skilled employee shortage in compliance and security teams
Related topics