PR Newswire
StrongDM survey of 1,000 security, IT, and compliance professionals reveals 88% of financial organizations feel audit-ready, but tool sprawl and access management gaps pose ongoing risks.
As financial institutions and fintech firms face increasing regulatory pressure and evolving cyber threats, maintaining continuous compliance has become more critical—and more complex. A survey of 1,000 IT, security, and compliance professionals commissioned by StrongDM, the Zero Trust privileged access company, reveals that while audit readiness confidence is high, gaps in privileged access control and automation remain persistent concerns.
Key Findings from the Survey:
- Audit Readiness: 88.4% are “very confident” they would pass a surprise audit. Yet nearly half (49.3%) still spend 10–25 hours monthly preparing audit evidence, and a further 17.7% spend more than 25 hours, exposing a disconnect between perception and process.
- Top Compliance Challenges: Managing third-party access (35%) and tracking least privilege (24.2%) are top concerns, followed by audit log production (23.1%).
- Privileged Access Gaps: 52% manage 10–20 high-risk systems. Just 35.3% automate access with real-time logging, while 2.1% have no visibility into how long it takes to revoke access when an employee leaves or changes roles.
- Audit Workload & Automation: 45.2% have extensively automated compliance reporting, but 49.3% still spend 10–25 hours monthly preparing audit data.
- Strategic Investments: 35.2% plan to invest in real-time audit log solutions; 25.1% in compliance automation platforms.
Audit Confidence Runs High—But Is It Justified?
While 88.4% of respondents expressed strong confidence in passing a surprise audit, the fact that nearly half still devote 10–25 hours per month to manual prep (and 17.7% more than 25 hours), while only 45.2% have extensively automated compliance reporting, suggests optimism may outpace operational readiness.
“If I could fix just one thing about our compliance program overnight, it would be to have fully automated and easily auditable evidence of policy enforcement across all our systems,” one respondent noted.
Complex Compliance: GDPR and ISO Ranked Toughest to Manage
GDPR (19.4%) and ISO 27001/27002 (18.2%) were ranked the most difficult regulations to manage, likely because both demand extensive documentation and continuously maintained controls rather than point-in-time evidence. SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%) were also cited as notable challenges.
Privileged Access Management: Still a Weak Link
While 52% of organizations manage between 10 and 20 high-risk systems, not all have robust controls over who can reach them:
- 35.3% automate access with real-time logs
- 30.7% rely on manual approval processes
- 33.9% use role-based access controls with limited auditability
Most concerning, 2.1% have no visibility into how long it takes to revoke access after an employee exits or changes roles, meaning stale privileges on high-risk systems could persist undetected.
“It takes hours and wastes time. We need to automate user revocation and access tracking,” shared one participant.
Compliance Still a Time Sink
While audit preparation was deemed a priority, most respondents indicated that it is onerous and consumes valuable time each month:
- 49.3% spend 10–25 hours monthly
- 17.7% spend more than 25 hours
- Just 4.8% spend fewer than five hours
Though automation is gaining traction, many teams remain tied to time-consuming, manual tasks to meet compliance requirements.
Investment Priorities: Automate, Simplify, Secure
Over the next year, financial institutions are directing budgets toward:
- Real-time audit logs (35.2%)
- Compliance automation platforms (25.1%)
- Automated access controls (23.8%)
Smaller allocations include identity lifecycle management (8.9%) and third-party risk monitoring (7.0%).
Bridging the Gap Between Policy and Practice
While the majority of financial services organizations feel audit-ready, the survey highlights gaps in enforcing least privilege, automating revocation, and reducing manual workloads. These gaps can hinder true continuous compliance and elevate risk.
“I would automate and streamline the access review process to ensure we can track and enforce least privilege across all systems without manual intervention,” said one respondent.