In an increasingly AI-dominated landscape, businesses face a complex balance between adopting new technologies and managing security risks. According to the recent Vanta 2024 Trust State Report, 55% of organizations believe that security risks have never been higher, yet most still allocate a minimal percentage of their IT budget to security. While ideally, 17% of the budget should be allocated to address these challenges, reality shows that only 11% is spent, leaving a considerable margin of vulnerability.
The accelerated adoption of AI has increased risks, with a rise in phishing attacks (33%), AI-based malware (32%), and compliance breaches (27%) in the past year. Nonetheless, companies’ approach to training their AI models remains limited and varies considerably. Only 25% of organizations seek customer consent to use their data in these models, while more than 75% do not provide an opt-out option. This situation poses serious ethical and privacy challenges in a context where customer trust is increasingly valuable.
The Challenge of Managing Security and Compliance
The rising security demands from customers, investors, and vendors are transforming companies’ approaches. In fact, 65% of organizations report that these stakeholders require more compliance evidence than in the past. On average, IT leaders spend 6.5 hours per week assessing and reviewing vendor risk, and half of the organizations detect and respond to cybersecurity threats at least once a week.
However, the challenges are not limited to external threats. The pressure to maintain regulatory compliance has increased, leading security leaders to spend more time on manual compliance tasks, reaching over 11 weeks in 2024, compared to 10 weeks in 2023. This is exacerbated by reliance on external vendors and the integration of AI into business processes, where 46% of organizations have already experienced a data breach related to a vendor. For 62% of companies, these third-party incidents negatively impact their reputation.
Geographical Differences in Security Management and AI
Approaches to security and compliance vary significantly by region. In the United States, 48% of organizations have suffered a data breach from a vendor, the highest figure among the countries surveyed. Meanwhile, in the UK, companies spend 12 weeks annually on compliance tasks, exceeding the 10 weeks from 2023, while in Australia, only 17% of organizations have strong visibility into vendor risk.
Investment in AI for security operations is another area where contrasts are observed. 55% of organizations in the UK have increased their investment in AI, outperforming the US and Australia. However, only 28% of Australian companies have or are implementing an AI policy, reflecting a lag behind other markets.
Automation and Trust in an AI World
In this complex environment, AI and automation emerge as key allies. According to the Vanta report, 44% of organizations have increased their investment in automation for security operations in the past year. The implementation of automated tools can save security teams between 3 and 5 hours per week, optimizing activities such as access reviews and responding to security questionnaires.
Vanta’s CEO, Christina Cacioppo, emphasized that to maintain trust in a world where AI is omnipresent, security leaders need to go beyond traditional practices, fostering continuous and automated trust across the organization. Trust management allows companies to reduce risk, strengthen customer confidence, and accelerate revenue growth.
Conclusion
With the rapid advancement of AI, trust and risk management are becoming central topics on the business agenda. As cybersecurity risks rise, the demand for transparency, compliance, and security also increases. Companies that manage to balance AI adoption with a solid security and compliance strategy will be better positioned to build trust and grow in an increasingly demanding digital environment.