User access reviews, pen tests, compliance audits, security reviews…the amount of work that security and compliance teams have to manage on a regular basis is shocking. Yet, there are actually very few sources of information on just how much time security and compliance professionals spend on different tasks. Until now.

Recently, Aptible conducted a survey with over 100 GRC professionals at B2B SaaS organizations to quantify the challenges they face, and what better would look like.

The questions we asked focused on the typical amount of time the respondents and their teams spent on different security and compliance related tasks, the types of tools they use, and what capabilities would be most valuable to them to improve their current operations.

Despite the relative maturity of many of our respondents (companies with an average of 1,000 employees), we found that half of them have very small teams dedicated to compliance: only 2 to 4 employees. And of those 53 companies with teams of 2-4 employees, almost half (23) are spending over 50 hours preparing for compliance audits! Imagine the time freed up if they could simplify and streamline their audit preparation throughout the year…


The report is an interesting snapshot into the world of GRC professionals at B2B SaaS organizations, and provides the invaluable ability for you to benchmark your own reality against those of your peers. The full report can be downloaded here on our website.

If you’re interested in participating in our next survey to be published later in Q4, click here to fill out the questionnaire. All respondents will receive early access to the report as well as the raw (anonymized) data.

If you have any questions about this survey, feel free to contact us at and we’ll be happy to assist.