Pathlock’s 2025 Digital Transformation and Access Risk Report Shows Governance Failures Are Disrupting Cloud Migration for Nearly 40 Percent of Organizations

New research reveals widespread delays in GRC planning, manual access governance processes, and compliance violations during modernization initiatives

Pathlock, a leader in governing and securing enterprise identity, applications, and data, announced today the release of its 2025 Digital Transformation & Access Risk Report, a governance benchmark designed to help organizations assess risk posture and prioritize controls during enterprise-wide modernization initiatives. The report reveals that nearly 40% of organizations experienced security or compliance incidents directly linked to governance gaps introduced during cloud migration.

The report analyzes survey responses from 620 enterprise IT, compliance, and security leaders across industries including manufacturing, financial services, healthcare, and government. As organizations modernize core business functions, such as finance, HR, supply chain, and procurement, through ERP and enterprise system migrations, they face mounting complexity in managing access across hybrid environments. With regulated data flowing through both cloud and on-premises systems, the need for automated, scalable governance has never been greater. Yet the findings show that many organizations are still relying on manual processes, delaying GRC planning, and overlooking critical controls, leaving them vulnerable to insider threats and compliance violations.

Despite the regulatory pressures many organizations face, with respondents operating under major regulations like SOX, GDPR, and others, governance is often treated as an afterthought. The report highlights a growing disconnect between transformation and governance readiness.

Key findings:

— Critical functions are in active transition: While HR and CRM are largely cloud-mature, areas like supply chain and procurement remain in migration, underscoring the need for rigorous governance and oversight.

— GRC planning lags migration pace: only 7% updated GRC controls prior to migration, while more than half (52%) failed to embed GRC strategy from the start; separately, 50% did not perform full Segregation of Duties (SoD) checks when redesigning roles.

— Lack of automation compounds the risk during and after migration: over 70% lack automated access risk analysis, user access reviews (UARs), and provisioning and de-provisioning processes.

— Delayed off-boarding multiplies risk exposure: 51% of organizations take more than 24 hours to revoke access after termination.

— Governance failures are driving incidents: 39% of organizations experienced security or compliance issues tied to governance gaps introduced during cloud migration; 21% reported compliance violations in the past year, and 17% reported insider fraud.

— Insider threat rises during digital transformation: 23% experienced insider-related incidents during or after cloud migration.

“It's been nearly 25 years since Sarbanes-Oxley (SOX), yet compliance is still being ignored during major transformation projects,” said Susan Stapleton, GRC Expert at Pathlock. “Companies invest hundreds of millions into these initiatives – only to face audit failures at the end because GRC was ignored. Then, they scramble to get fixes in place, which costs them double, if not triple, what it would've taken to do it right from the start. This report should serve as a wake-up call: GRC must be built into every transformation project from day one.”

“The findings show that digital transformation, while essential for growth and innovation, is also introducing material business risk when governance lags behind,” said Chris Radkowski, GRC Expert at Pathlock. “When organizations treat GRC as a business enabler, it becomes a catalyst for achieving resilience, reducing costs, and minimizing compliance and reputational risk.”

To explore the full findings and recommendations, download the report here.

About Pathlock

Pathlock is a leader in identity and application governance, empowering Fortune 2000 organizations and the world's largest and most complex application ecosystems to meet stringent compliance requirements, including SOX, PCI DSS, HIPAA, GDPR, ITAR, EAR and more.

By delivering fine-grained identity security and governance for business-critical applications, Pathlock helps organizations reduce risk, lower compliance costs, and achieve audit and IPO readiness with confidence.

For media inquiries:

Caroline Dobyns
pathlock@icrinc.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/pathlocks-2025-digital-transformation-and-access-risk-report-shows-governance-failures-are-disrupting-cloud-migration-for-nearly-40-percent-of-organizations-302619278.html

SOURCE Pathlock
