New study spotlights ongoing strategic and operational challenges to compliance with DORA, NIS2, and the EU AI Act.
AuditBoard, the leading cloud-based platform transforming audit, risk, compliance, and ESG management, today announced the results of a new research report, Unlock Regulatory Compliance With DORA, NIS2, and the EU AI Act. The report surveyed over 270 professionals in decision-making roles in information technology, information security, and risk management in organisations in the United Kingdom and Germany. The research showed 91% of respondents report feeling concerned about cybersecurity threats, driving teams to enhance vigilance in addressing evolving cybersecurity and operational risks.
Organisations are under constant pressure to adopt more proactive and strategic approaches to compliance. To accomplish that goal across the UK, EU, and beyond, new and updated regulations or frameworks like the Digital Operational Resilience Act (DORA), Network and Information Security Directive 2 (NIS2), and the EU AI Act share a common purpose: improve cybersecurity and operational resilience while ensuring responsible AI use. These regulations require prioritisation to avoid penalties. They are also opportunities for companies to strengthen their risk posture and improve operational workflows and processes while using technology more responsibly.
AuditBoard, in partnership with Ascend2 Research, found that:
- Executives may view periodic updates as "real-time," while practitioners often rely on manual processes and spreadsheet-based reporting, which are often far from real-time. 92% of executives say they have real-time insights into compliance posture compared to just 69% of management professionals, highlighting the disconnect between perceived timeliness of data and the operational reality.
- 90% of professionals surveyed report that conformance with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload. InfoSec professionals feel the weight of compliance efforts most, with 38% expecting to be impacted to a great extent, compared to 29% of risk management professionals and 28% of IT professionals. Increased workloads could lead to a greater risk of noncompliance as teams struggle to stay afloat on daily tasks.
- Compliance with NIS2 is reported to be a high priority amongst organisations surveyed (61%). However, only 52% of organisations report being compliant, while another 44% plan to meet requirements by the end of next year.
- Many organisations have significant work ahead of them on their journey to compliance. Even those claiming to already be in compliance with the EU AI Act are missing essential elements of compliance that could leave them vulnerable. While 63% of those claiming compliance report having transparency measures in place, 55% say they have implemented risk management frameworks, and just over half (51%) execute comprehensive risk assessments.
- 83% of professionals are concerned about third-party AI use in regard to compliance with the EU AI Act. However, even more of those surveyed (91%) do feel that the EU AI Act will positively impact their organisation's use and development of AI applications.
"At a time when there are more cyber threats than ever before, ensuring compliance with new regulations remains a top priority for our business," said Karen Albert, Vice President of Internal Audit at Constellium. "This new research by AuditBoard illuminates the primary barriers to conformance with regulations such as DORA, NIS2, and the EU AI Act, and provides a map forward for organisations looking to improve their cybersecurity posture."
"We found that by leveraging purpose-built technology, professionals in all levels and functions can make more effective decisions and more efficiently execute efforts required to maintain compliance," said Jason Sechrist, Director of Product Solutions, EMEA at AuditBoard. "Whether in early stages of compliance or actively working to maintain it, organisations can use the findings in this report to build a framework for their journey and help future-proof their conformance strategies."
For the full findings and actionable insights into the state of organisational readiness, read the report here.
Methodology
AuditBoard, in partnership with Ascend2 Research, developed a custom online questionnaire to survey 272 professionals in decision-making roles in risk management, information technology (IT), and information security (InfoSec). These individuals represent organisations in the United Kingdom and Germany with annual recurring revenue of $25M or greater. The survey was fielded in November 2024.
About AuditBoard
AuditBoard is the leading cloud-based platform transforming audit, risk, compliance, and ESG management. More than 50% of the Fortune 500 leverage AuditBoard to move their businesses forward with greater clarity and agility. AuditBoard is top-rated by customers on G2, Capterra, and Gartner Peer Insights, and was recently ranked for the sixth year in a row as one of the fastest-growing technology companies in North America by Deloitte. To learn more, visit: AuditBoard.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250204920158/en/
Contacts:
Laura Groshans
press@auditboard.com