The State of Continuous Compliance Report

Maximize growth and stand out among stiff competition with first-of-its-kind compliance benchmarking data specifically for security providers.

Download Full Report

In the report

We Surveyed Hundreds of Managed Service & Security Providers

The aim of the inaugural State of Continuous Compliance Report is to better understand the compliance trends, challenges, and opportunities managed service and security providers face. To that end, we surveyed practice leaders and senior operators across hundreds of providers to learn how they deliver compliance today. With compliance benchmarking data that doesn't exist anywhere else, this report is a guide to improving business growth, revenue, and differentiation in a competitive market.

Packaging & Delivery

How are providers delivering compliance today and structuring compliance offerings?

Revenue & Growth

How can continuous compliance help providers meet aggressive revenue and growth goals?

Main Challenges

What challenges do providers face when maintaining compliance for their clients?

Tools & Technology

How are tools and technology impacting revenue growth, efficiency, and differentiation?

Key Findings & Takeaways

80%

of the surveyed providers offer some form of compliance services.

15%

offer compliance primarily as a managed service.

75%

view compliance as a "high growth" business.

70%

have at least double-digit revenue growth goals.

56%

receive less than a quarter of their revenue from recurring engagements.

86%

want to turn one-off projects into recurring revenue through "continuous compliance" as a service.

50%

use spreadsheets to track customer compliance.

85%

face "significant challenges" maintaining compliance for customers.

Download Full Report

Providers Have a Managed Compliance Gap

They're leaving opportunities on the table when it comes to compliance services

While 80% of the surveyed providers offer some form of compliance services, many only offer compliance in an advisory capacity. Only 15% of compliance practices live primarily on the managed services side. Looking at individual services rendered, only half of all providers offer managed compliance as a service.

Compliance by individual services rendered

Growth Goals Are Ambitious, Recurring Revenue Is Limited

Continuous compliance represents a disproportionally small percentage of revenue

Providers face aggressive growth expectations, with 70% targeting at least double-digit ARR/MRR growth. While 3 out of 4 view compliance as a high-growth area, nearly half receive less than 10% of their revenue from compliance services. For the majority of providers, less than a quarter of their revenue is recurring. Only 36% receive more than half of their revenue from continuous compliance.

There's High Interest in Continuous Compliance

Providers and their clients want ongoing delivery of compliance services

Compliance work is typically made up of one-off engagements that provide limited recurring revenue potential. To remove that barrier to growth, 86% of providers offering compliance services are interested in continuous compliance as a service offerings. And 70% say their clients would also be interested in compliance and security monitoring and scoring around the clock.

Providers Are Still Using Spreadsheets to Manage Compliance

a disproportionally small percentage is using compliance automation platforms compared to overall interest

Half of the surveyed providers are still using spreadsheets to track, measure, and report on cybersecurity compliance for their clients. While 87% are open to delivering their services through a compliance automation platform, less than half are currently doing so. Overall, those using automation report faster risk assessments, higher ARR/MRR growth goals, and greater confidence in meeting those goals.

Percentage of providers using various tools and technologies

Most Providers Face Significant Compliance Challenges

five Key challenges are limiting their ability to maintain compliance for their clients

An overwhelming 85% of providers face “significant challenges” maintaining compliance for customers. Lack of resources, expertise, or technology prevent many from offering managed compliance. Others cited high costs or limited client demand. These are the same reasons 20% of providers aren't offering any compliance services at all.

Additional insights

Access the Full State of Continuous Compliance Report

Get your copy of the complete report for additional insights that will help you go to market more effectively with security and compliance solutions.

Download Full Report

The State of Continuous Compliance Report

The Apptega difference

Our Partners Have More Optimistic Goals & Outcomes

In an increasingly commoditized market, our partners are delivering continuous security and compliance offerings that set them apart from the competition and maximize growth opportunities. Learn more about how Apptega partners compare in the full report.