Swimlane study reveals manual evidence gathering and disconnected teams are stalling compliance progress

DENVER: According to newly released research from Swimlane, only 29% of all organizations say their compliance programs consistently meet internal and external standards. The report, “GRC Chaos: The High Price of Audits and Non-Compliance,” reveals that fragmented workflows, manual evidence gathering and poor collaboration between security and governance, risk and compliance (GRC) teams are leaving organizations vulnerable to audit failures, regulatory penalties and security gaps.

To better understand how cybersecurity teams are managing the growing complexity and demands of regulatory requirements, Swimlane surveyed 500 IT and security decision-makers across the United States and the United Kingdom. The findings indicate a clear need for streamlined workflows, stronger cross-team alignment and intelligent automation to bring order to the chaos — restoring confidence of management and the board in compliance readiness.

“The burden of compliance weighs heavy on security and GRC teams, and the pain is growing faster than teams can adapt,” said Michael Lyborg, CISO at Swimlane. “Regulations are shifting, expectations are rising, and yet most organizations still rely on processes that were never designed for this level of complexity. Until now, everything has been massive spreadsheets. Without better coordination and smarter workflows, even well-intentioned programs will fall short.”

Key Takeaways

• The Compliance Burden Is Getting Heavier: 96% of organizations say it’s challenging to keep up with the growing number of industry regulations, and only 29% report that their compliance programs consistently meet internal and external standards.
• Fragmented Tools, Fractured Processes: 92% of respondents rely on three or more tools to gather audit evidence, often resulting in duplicated effort and disjointed workflows. On average, just 39% of the audit evidence process is automated.
• Manual Work Is Costing Time — and Accuracy: Over half of organizations (54%) spend more than five hours each week on manual compliance tasks. Unsurprisingly, 62% say their audit evidence-gathering process is at least occasionally error-prone.
• GRC and Security Don’t Speak the Same Language: 90% of organizations are concerned that poor collaboration between GRC and security teams is undermining audit preparation. Differing priorities, unclear roles and communication breakdowns are major barriers to alignment.
• What’s at Stake When Compliance Fails: Organizations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management.

“Audit readiness is harder than it should be," said Jack Rumsey, Head of GRC at Swimlane. "Teams are wasting time chasing evidence, interpreting requirements in isolation and stitching together data across disconnected systems. This report highlights just how unsustainable that model has become — and why it’s time to rethink how to manage compliance from the ground up.”

Key Resources

• Visit the Swimlane team at this year’s RSA Conference, April 28 - May 1, at the San Francisco Moscone Center, Booth #S-2157
• Download the report: GRC Chaos: The High Price of Audits and Non-Compliance
• Register here for Swimlane’s upcoming webinar “From Spreadsheet Chaos to GRC Control: Tips to Transform Compliance Audits” on May 15 at 12 PM ET.

Methodology

The survey was conducted among 500 IT and cybersecurity decision-makers with oversight of the compliance audit process at enterprise companies with at least 1,000 employees in the United States and the United Kingdom. The interviews were conducted online by Sapio Research and under the guidance of Swimlane, Inc. in March 2025 using an email invitation and an online survey.

About Swimlane

At Swimlane, we believe the convergence of agentic AI and automation can solve the most challenging security, compliance and IT/OT operations problems. With Swimlane, enterprises and MSSPs benefit from the world's first and only hyperautomation platform for every security function. Only Swimlane gives you the scale and flexibility to build your own hyperautomation applications to unify security teams, tools and telemetry ensuring today’s SecOps are always a step ahead of tomorrow's threats.

Learn more: swimlane.com

Request a Demo: swimlane.com/demo

Fonte: Business Wire