The State of Continuous Compliance Report

Maximize growth and stand out among stiff competition with first-of-its-kind compliance benchmarking data specifically for security providers.

In the report

We Surveyed Hundreds of Managed Service & Security Providers

The aim of the inaugural State of Continuous Compliance Report is to better understand the compliance trends, challenges, and opportunities managed service and security providers face. To that end, we surveyed practice leaders and senior operators across hundreds of providers to learn how they deliver compliance today. With compliance benchmarking data that doesn't exist anywhere else, this report is a guide to improving business growth, revenue, and differentiation in a competitive market.

Packaging & Delivery
Packaging & Delivery

How are providers delivering compliance today and structuring compliance offerings?

Revenue & Growth
Revenue & Growth

How can continuous compliance help providers meet aggressive revenue and growth goals?

Main challenges
Main Challenges

What challenges do providers face when maintaining compliance for their clients?

Tools & Tech
Tools & Technology

How are tools and technology impacting revenue growth, efficiency, and differentiation?

Providers Have a Managed Compliance Gap

They're leaving opportunities on the table when it comes to compliance services

While 80% of the surveyed providers offer some form of compliance services, many only offer compliance in an advisory capacity. Only 15% of compliance practices live primarily on the managed services side. Looking at individual services rendered, only half of all providers offer managed compliance as a service.

Compliance by individual services rendered

Growth Goals Are Ambitious, Recurring Revenue Is Limited

Continuous compliance represents a disproportionally small percentage of revenue

Providers face aggressive growth expectations, with 70% targeting at least double-digit ARR/MRR growth. While 3 out of 4 view compliance as a high-growth area, nearly half receive less than 10% of their revenue from compliance services. For the majority of providers, less than a quarter of their revenue is recurring. Only 36% receive more than half of their revenue from continuous compliance.

Compliance revenue potential

There's High Interest in Continuous Compliance

Providers and their clients want ongoing delivery of compliance services

Compliance work is typically made up of one-off engagements that provide limited recurring revenue potential. To remove that barrier to growth, 86% of providers offering compliance services are interested in continuous compliance as a service offerings. And 70% say their clients would also be interested in compliance and security monitoring and scoring around the clock.

Continuous compliance business outlook

Providers Are Still Using Spreadsheets to Manage Compliance

a disproportionally small percentage is using compliance automation platforms compared to overall interest

Half of the surveyed providers are still using spreadsheets to track, measure, and report on cybersecurity compliance for their clients. While 87% are open to delivering their services through a compliance automation platform, less than half are currently doing so. Overall, those using automation report faster risk assessments, higher ARR/MRR growth goals, and greater confidence in meeting those goals.

Percentage of providers using various tools and technologies

Most Providers Face Significant Compliance Challenges

five Key challenges are limiting their ability to maintain compliance for their clients

An overwhelming 85% of providers face “significant challenges” maintaining compliance for customers. Lack of resources, expertise, or technology prevent many from offering managed compliance. Others cited high costs or limited client demand. These are the same reasons 20% of providers aren't offering any compliance services at all.

Key compliance delivery challenges
Additional insights

Access the Full State of Continuous Compliance Report

Get your copy of the complete report for additional insights that will help you go to market more effectively with security and compliance solutions.  

The State of Continuous Compliance Report
The Apptega difference

Our Partners Have More Optimistic Goals & Outcomes

In an increasingly commoditized market, our partners are delivering continuous security and compliance offerings that set them apart from the competition and maximize growth opportunities. Learn more about how Apptega partners compare in the full report.

01 - More of their revenue comes from compliance.
02 - More of their compliance revenue is recurring.
03 - They have higher ARR/MRR goals.
04 - They're more confident in meeting their ARR/MRR goals.
05 - They're more likely to view compliance as high-growth.
06 - They see more value in continuous compliance.
07 - Their clients are more interested in compliance.
08 - They're more open to compliance automation.

Want to learn more about Apptega?

See our Continuous Compliance Platform in action with a curated product demo.