Press Release

Coalfire Compliance Report Unveils the Next Horizon in Compliance

May 10, 2023

Compliance Automation Now Mission-Critical to Managing and Monetizing Multiple Frameworks

GREENWOOD VILLAGE, CO – May 10, 2023 – Today, Coalfire released its new Securealities 2023 Compliance Report developed in partnership with Informa’s Omdia research division. The report captures the changes in today’s world of compliance, detailing how 300+ security leaders are addressing compliance investments, organization governance, framework updates, tooling, automation, and more. Coalfire reveals that companies are struggling more than ever in managing multiple compliance frameworks within complex, hybrid-cloud environments and are increasingly turning to automation to meet the challenge.

“The early adopters that embraced compliance automation are starting to see returns on their investments by optimizing multiple regulatory frameworks including NIST, SOC, ISO, HITRUST, PCI, FedRAMP, and CMMC,” said Adam Shnider, executive vice president of compliance services at Coalfire. “Breaking away from traditional audit cycles, today’s platform-driven solutions now allow companies to continuously integrate, deploy, and monetize their compliance capabilities by entering new markets and engaging new customers.”

The Coalfire Compliance Report shows that technical options are increasing, as are complexities and costs.

  • A staggering 84% of retail, financial services, tech, and healthcare companies are impacted by the mandatory requirements of data protection frameworks and are compelled to frequently and consistently demonstrate compliance to customers, regulators, and supply chain partners.
  • Almost 70% manage at least six frameworks. 59% have multiple systems now subject to compliance requirements.
  • More than half (58%) report an uptick in compliance costs since 2020; over 40% claim 25%+ budget increases since then and believe their compliance spend will continue to grow.
  • Fifty-six percent of large enterprise respondents report using automation software to manage compliance. 64% of large enterprise respondents (revenue over $1 billion) have embraced tools to support evidence mapping to manage costs within multi-framework environments.

Unfortunately, many of those leveraging automation are seeing costs rise, which suggests that many are introducing software without re-engineering for coordinated assessment processes. Though costs have increased for many companies, organizations are slowly balancing workflows and starting to see investments pay off, signifying a change in momentum. With this paradigm shift, Coalfire expects costs to come down in future reporting due to improved platform and software capabilities supporting evidence collection and maintenance.

“Global security compliance controls and regulatory acceleration in the multi-cloud era are complex and must be met with efficiency and scalability,” states Cisco Global Head of Cloud Compliance Prashant Vadlamudi. “Meeting these challenges is key to a secure cloud, and for every enterprise, building your trust story is the lifeline to competitive advantage. Cisco aligns with Coalfire in our shared belief that compliance automation and cross-framework cloud engineering is the rising tide that lifts all boats.”

While 77% of organizations plan to migrate to updated frameworks soon, the report shows that nearly a quarter (23%) are under-prepared for this impending series of transitions and deadlines. Especially for cloud service and SaaS providers, failure to comply with more stringent guardrails in a timely manner can result in added corporate liability and potential personal legal exposure for executives.

The report confirms that privacy, commercial trade, and defense intelligence risks have arrived at a critical tipping point. Government cloud migration and regulatory maturity are transforming business processes and the entire economy. As the cybersecurity industry’s top compliance, advisory, and testing firm, Coalfire’s research informs best-practice security programs within today’s next-generation standards frameworks.

Access the full report.

About Coalfire

The world’s leading organizations – including the top five cloud service providers and leaders in financial services, healthcare, and retail – trust Coalfire to elevate their cyber programs and secure the future of their business. Number one in compliance, FedRAMP®, and cloud penetration testing, Coalfire is the world’s largest firm dedicated to cybersecurity services, providing unparalleled technology-enabled professional and managed services. To learn more, visit



For media inquiries:
Mike Gallo
(212) 239-8594