88% of Financial Institutions Feel Audit-Ready, yet 49% Still Struggle with Privileged Access and Manual Compliance, New Survey by StrongDM Finds

July 8, 2025, 14:44

StrongDM survey of 1,000 security, IT, and compliance professionals reveals 88% of financial organizations feel audit-ready, but tool sprawl and access management gaps pose ongoing risks.

PALO ALTO, Calif., July 8, 2025 /PRNewswire/ -- As financial institutions and fintech firms face increasing regulatory pressure and evolving cyber threats, maintaining continuous compliance has become more critical—and more complex. A survey of 1,000 IT, security, and compliance professionals commissioned by StrongDM, the Zero Trust privileged access company, reveals that while audit readiness confidence is high, gaps in privileged access control and automation remain persistent concerns.

Key Findings from the Survey:

  • Audit Readiness: 88.4% are "very confident" they would pass a surprise audit. Yet nearly half (49.3%) still spend over 10 hours monthly preparing audit evidence, exposing a disconnect between perception and process.
  • Top Compliance Challenges: Managing third-party access (35%) and tracking least privilege (24.2%) are top concerns, followed by audit log production (23.1%).
  • Privileged Access Gaps: 52% manage 10–20 high-risk systems. Just 35.3% have real-time access logging, while 2.1% lack visibility into access status altogether.
  • Audit Workload & Automation: 45.2% have extensively automated compliance reporting, but 49.3% still spend 10–25 hours monthly preparing audit data.
  • Strategic Investments: 35.2% plan to invest in real-time audit log solutions; 25.1% in compliance automation platforms.

Audit Confidence Runs High—But Is It Justified?

While 88.4% of respondents expressed strong confidence in passing a surprise audit, the fact that nearly half still devote over 10 hours per month to manual prep—and only 45.2% have extensive automation—suggests optimism may outpace operational readiness.

"If I could fix just one thing about our compliance program overnight, it would be to have fully automated and easily auditable evidence of policy enforcement across all our systems," one respondent noted.

Complex Compliance: GDPR and ISO Ranked Toughest to Manage

GDPR (19.4%) and ISO 27001/27002 (18.2%) were ranked the most difficult regulations to manage, likely due to their documentation and ongoing-control requirements. SOX (10.9%), GLBA (8.4%), and NYDFS (7.4%) were also cited as notable challenges.

Privileged Access Management: Still a Weak Link

While 52% of organizations manage between 10 and 20 high-risk systems, not all have robust controls:

  • 35.3% automate access with real-time logs
  • 30.7% rely on manual approval processes
  • 33.9% use role-based access controls with limited auditability

Most concerning, 2.1% lack visibility into how long it takes to revoke access after an employee exits or changes roles.

"It takes hours and wastes time. We need to automate user revocation and access tracking," shared one participant.

Compliance Still a Time Sink

While audit preparation was deemed a priority, most survey respondents indicated that it is onerous and consumes valuable time:

  • 49.3% spend 10–25 hours monthly
  • 17.7% spend more than 25 hours
  • Just 4.8% spend fewer than five hours

Though automation is gaining traction, many teams remain tied to time-consuming, manual tasks to meet compliance requirements.

Investment Priorities: Automate, Simplify, Secure

Over the next year, financial institutions are directing budgets toward:

  • Real-time audit logs (35.2%)
  • Compliance automation platforms (25.1%)
  • Automated access controls (23.8%)

Smaller allocations include identity lifecycle management (8.9%) and third-party risk monitoring (7.0%).

Bridging the Gap Between Policy and Practice

While the majority of financial services organizations feel audit-ready, the survey highlights gaps in enforcing least privilege, automating revocation, and reducing manual workloads. These gaps can hinder true continuous compliance and elevate risk.

"I would automate and streamline the access review process to ensure we can track and enforce least privilege across all systems without manual intervention," said one respondent.

Complete Study Results

For the full survey analysis, visit: https://www.strongdm.com/blog/state-of-compliance-in-financial-institutions

Methodology

The survey was conducted by StrongDM in May 2025 and included 1,000 US-based professionals in compliance, IT, and security roles at financial institutions and fintech companies. It was conducted online via Pollfish; all responses were anonymous and voluntary.

About StrongDM

StrongDM is a Zero Trust access platform that centralizes and simplifies access management across your entire infrastructure, on-premises or in the cloud. With Zero Standing Privileges and Just-in-Time (JIT) access, it enforces fine-grained, context-based policies in real time.

Connect with us on LinkedIn and YouTube or head to www.strongdm.com.

Media Contact:
Scott Mersy
CMO, StrongDM
397576@email4pr.com
(650) 273-4269

View original content to download multimedia: https://www.prnewswire.com/news-releases/88-of-financial-institutions-feel-audit-ready-yet-49-still-struggle-with-privileged-access-and-manual-compliance-new-survey-by-strongdm-finds-302499636.html

SOURCE StrongDM