.svg)
.png)
For a long time, compliance was treated as a periodic effort. Something you prepare for when an audit is approaching, when certification is due, or when a regulation deadline looms. The rest of the year, it lives in spreadsheets, folders, or half-forgotten documents.
Our latest user survey tells a very different story.
We surveyed 140 users anonymously at the end of 2025. Based on responses, it’s clear that compliance has become part of normal, ongoing operations for many organizations. Most respondents use Cyberday weekly or daily, and over 40% said that losing access to the tool would cause severe disruption to their operations. That kind of dependency doesn’t happen with “once-a-year projects”. It happens when something becomes operationally essential
The old compliance mindset: audits, spreadsheets, and panic mode
While considering how compliance was managed before Cyberday, a clear pattern emerged. Most relied on manual tools such as Excel, Word, SharePoint, or Google Drive and many said they had no real process at all.
This approach works only as long as compliance is seen as a temporary task. But as pressure increases and organizations grow, this model starts to break down:
📃 Information is scattered
🎩 Ownership is unclear
📊 Progress is hard to communicate
🌪️ Audit preparation becomes stressful and reactive
The survey shows that many organizations came to Cyberday specifically because their old process could no longer support the reality they were facing.
What changed: compliance moved into daily operations
One of the strongest signals in the survey is how often compliance work now happens. Nearly 80% of respondents use Cyberday at least weekly, and a significant share daily. This shows that compliance activities such as tracking controls, managing risks, updating documentation are no longer postponed until “later”.
Even more telling is how users described the impact of losing the system. The most common response was that Cyberday is essential to operations, not just helpful. That’s a clear threshold moment: compliance has shifted from a supporting task to something closer to infrastructure.
Compliance is no longer a side project. It’s operational infrastructure.
Why compliance became mission-critical
The survey responses point to several reasons behind this shift:
- Continuous regulation: Respondents work across ISO 27001, NIS2, GDPR, and emerging frameworks like DORA and CRA. These frameworks require ongoing monitoring and evidence, not static documentation.
- Living ISMS: Many users emphasized the need to build and maintain a working information security management system, rather than just “passing” a single audit.
- Visibility and accountability: Compliance status needs to be available at any moment e.g. for management, auditors, or customers, not reconstructed retroactively.
Users consistently valued structure, guidance, and clarity. Not because compliance is optional, but because it’s inherently complex and overlapping. The survey makes it clear: compliance didn’t become harder because people care less. It became mission-critical because the expectations are continuous by design
Tools shape behavior: from projects to continuous systems
Another key insight from the survey is how strongly tooling affects compliance behavior. Users repeatedly described Cyberday as the place that brings structure to something that was previously fragmented or unclear.
The most valued capabilities were:
👞 Step-by-step guidance
💪 Strong support for multiple frameworks
🔀 Multi-compliance work (as you might know, one task can support multiple frameworks in Cyberday)
💫 Centralized documentation as a single source of truth
At the same time, we appreciated how openly respondents shared points of friction. Usability, navigation, and clarity matter much more when compliance work happens weekly or daily. That honesty reinforces an important reality: when compliance is continuous, the system supporting it must be usable continuously too.
Our development team has already taken the finding into consideration, and work is underway to investigate and address the most common usability and clarity challenges raised in the survey. The feedback doesn’t just validate what works but actively shapes how Cyberday evolves as a daily operational tool.
The new standard: treating compliance like infrastructure
The takeaway from the survey is not just about Cyberday. The survey results reflect a broader shift that goes beyond any single tool. Compliance is increasingly treated like other core business functions. These functions aren’t paused without consequences. And according to users, compliance now behaves the same way. When compliance is embedded into daily workflows, removing it causes immediate disruption.
The organizations that succeed are those that stop treating compliance as a yearly milestone, and start managing it as a permanent, operational capability.
