A new report from Vanta shows 67 percent of businesses say they need to improve security and compliance measures with 24 percent rating their organization’s security and compliance strategy as reactive.

The expansion of attack surfaces in a post-pandemic hybrid world, combined with shrinking teams and budgets and the rapid rise of generative AI, are fueling an urgent need for companies to improve, and prove, their security posture.

Two-thirds of respondents say that customers, investors and suppliers are increasingly looking for proof of security and compliance. While 41 percent provide internal audit reports, 37 percent third party audits, and 36 percent complete security questionnaires, one in eight (12 percent) admit they don’t or can’t provide evidence when asked.

Businesses are spending on average of 7.5 hours per week — more than nine working weeks a year — on achieving security compliance or staying compliant. Also 54 percent are concerned that secure data management is becoming more challenging with AI adoption with 51 percent saying that using generative AI could erode customer trust.

A majority (70 percent) of leaders say that a better security and compliance strategy positively impacts their businesses thanks to stronger customer trust, while nearly three in four (72 percent) agree that a better security and compliance strategy would make them more efficient.

In addition 83 percent of businesses have or plan to increase their use of automation, particularly for reducing manual work and streamlining vendor risk reviews and onboarding. All in, respondents believe they could save at least two hours per week — over 2.5 working weeks a year — if security and compliance tasks were automated.

“The business case for trust management is undeniable,” says Christina Cacioppo, CEO of Vanta. “For companies at the forefront of disrupting the security status quo, centralizing processes, automating compliance and accelerating security reviews can turn trust into a truly marketable advantage. By closing the loop on the security lifecycle from compliance through continuous monitoring and communication, businesses can transform how they build trust and ultimately unlock growth.”