ATLANTA--(BUSINESS WIRE)--Jul 29, 2025--
Apptega, the leading security, compliance and risk platform for service providers, today released the findings of its second annual State of Continuous Compliance Report. The findings point to a maturing but crowded market, with 87% of security providers now offering compliance services, primarily delivered as consultative and advisory work.
However, with the majority of security providers offering compliance, 31% of providers report average or lower ability to differentiate, and one in three struggle to consistently show value and ROI, limiting cross-sell potential and long-term engagement. Cementing these challenges, just one-in-four providers met their recurring revenue targets in 2024 – highlighting the difficulty of creating a scalable business model.
“As compliance becomes mission-critical for organizations of all sizes, security service providers are adapting, but not without friction,” said Rahul Bakshi, chief product officer at Apptega. “While the State of Continuous Compliance Report data shows demand is real, most providers haven’t yet unlocked scalable delivery, sustainable recurring revenue, or the market positioning needed to fully capitalize on compliance as a growth engine. For those that have, the payoff is clear.”
While the 2024 report showed 70% of providers were optimistic for double digit ARR growth, this year’s survey data suggests economic pressures may have driven compliance buyers toward short-term or project-based services that factored into recurring revenue shortcomings. However, it is notable that service providers offering compliance as a managed service are outperforming their peers on recurring revenue: 44% of managed compliance providers surveyed say at least a quarter of their compliance revenue is recurring, compared to just 28% of consulting-first firms.
Leading providers in the 2025 report pair strong compliance offerings with automation, streamlined and ongoing managed services delivery, and the ability to connect compliance to broader security and business outcomes. While this year’s report showcases encouraging movement toward automation, with more providers now using GRC and compliance automation platforms as their primary delivery tools, spreadsheet use increased this year, signaling that many providers are still navigating the shift from ad-hoc processes to scalable systems. To get ahead, providers must exemplify how their delivery of compliance services enables continuous delivery of compliance as a managed service that reduces an end customer’s overall business risk.
Additional Key Findings from the 2025 State of Continuous Compliance Report:
- 90% of providers say they face challenges differentiating and standing out in a crowded market.
- 87% say automation is a high priority, yet manual workflows remain common.
- 66% primarily use a GRC or compliance automation platform, while 16% still rely on spreadsheets as their main tool.
- Spreadsheet usage is up 50 percent year over year (as a secondary tool).
- Providers with stronger perceived differentiation tend to use GRC/compliance automation platforms or custom-built solutions to deliver compliance services.
“Client demand for continuous compliance, better risk management, and improved visibility into security maturity is rising fast – as is pressure for providers to turn it into scalable, recurring revenue,” said Dave Colesante, CEO at Apptega. “Delivering a clear, actionable roadmap showing where they are today and how you’ll help close gaps, both technically and from a business perspective, requires an end-to-end solution that spreadsheets and disconnected tools simply can’t match.”
“Continuous compliance management is a critical defensive measure to reduce overall business risk in an aggressive cybersecurity landscape. While there will always be organizations approaching compliance as a check box exercise, security providers working with customers to operationalize it as a continuous process and close companion to security will see the greatest recurring revenue success," concluded Bakshi.
The 2025 State of Continuous Compliance Report is based on a survey from February to April of 2025 of practice leaders and senior operators at more than 150 providers that offer security services. To learn more about the report and download a full copy, please visit this page.
About Apptega
A perennial G2 leader across various risk management categories, Apptega is the end-to-end cybersecurity compliance platform that security-focused IT providers and in-house teams use to build and manage cybersecurity compliance programs simply, quickly, and affordably. It’s trusted by hundreds of MSSPs, MDR companies, and security-focused MSPs that are growing lucrative security and compliance practices, creating stickier customer relationships, and winning more business from competitors. To learn more, visit apptega.com.
View source version on businesswire.com:https://www.businesswire.com/news/home/20250729389945/en/
KEYWORD: GEORGIA UNITED STATES NORTH AMERICA
INDUSTRY KEYWORD: CONSULTING DATA MANAGEMENT TECHNOLOGY PROFESSIONAL SERVICES SECURITY OTHER TECHNOLOGY SOFTWARE ARTIFICIAL INTELLIGENCE OTHER PROFESSIONAL SERVICES NETWORKS HARDWARE
SOURCE: Apptega
Copyright Business Wire 2025.
PUB: 07/29/2025 09:00 AM/DISC: 07/29/2025 09:02 AM
http://www.businesswire.com/news/home/20250729389945/en
