
Apptega, a leading cybersecurity compliance platform, released its second annual State of Continuous Compliance Report on July 29, 2025, highlighting the growing demand for compliance services among security providers and the persistent challenges in scaling and differentiating in a crowded market. Based on a survey of over 150 security providers conducted from February to April 2025, the report underscores the shift toward continuous compliance as a high-growth opportunity, with 87% of providers offering compliance services, though many face roadblocks in achieving scalable, recurring revenue.
87% of security providers offer compliance services, mostly advisory-based.
90% face challenges differentiating in a competitive market.
44% of managed compliance providers report at least 25% recurring revenue, vs. 28% for consulting-first firms.
66% use GRC or compliance automation platforms; 16% rely on spreadsheets as their primary tool.
Spreadsheet usage as a secondary tool rose 50% year-over-year.
Amid economic pressures, only 25% of providers met their 2024 recurring revenue targets.
The report reveals that 87% of security providers now offer compliance services, driven by client demand for continuous compliance and better risk management. However, 90% struggle with market differentiation, and 31% report average or lower ability to stand out, limiting cross-sell and long-term engagement. “Client demand for continuous compliance, better risk management, and improved visibility into security maturity is rising fast,” said Dave Colesante, CEO at Apptega. “Delivering a clear, actionable roadmap showing where they are today and how you’ll help close gaps requires an end-to-end solution that spreadsheets and disconnected tools simply can’t match.”
Economic pressures in 2024 pushed clients toward short-term, project-based services, with only 25% of providers meeting recurring revenue targets. Despite this, providers offering compliance as a managed service outperform peers, with 44% reporting at least a quarter of their compliance revenue as recurring, compared to 28% for consulting-first firms.
While 87% of providers prioritize automation, 16% still rely on spreadsheets as their primary tool, and secondary spreadsheet usage increased 50% year-over-year. In contrast, 66% use GRC or compliance automation platforms, which correlate with faster risk assessments and higher revenue growth. “Continuous compliance management is a critical defensive measure to reduce overall business risk,” said Rahul Bakshi, Chief Product Officer at Apptega. Providers using platforms like Apptega report stronger differentiation and confidence in meeting growth goals.
Apptega’s platform supports over 30 frameworks, including SOC 2, NIST, and PCI DSS, with features like framework crosswalking, real-time scoring, and AWS Security Hub integration. Its Task Recurrence feature, launched at the SECURE COMPLY REPEAT event in October 2024, streamlines recurring compliance tasks, enhancing efficiency.
The report highlights a managed compliance gap: only 15% of providers offer compliance primarily as a managed service, despite 86% expressing interest in continuous compliance offerings. Key challenges include lack of resources (47%), expertise (59%), and technology, with 85% facing “significant challenges” in maintaining compliance for clients. Apptega’s $15 million funding round in 2024 and partnerships with MSSPs like CyberSecOp and Foresite demonstrate its focus on empowering providers to deliver scalable, high-margin compliance services.
With a $209.7 billion cybersecurity market projected to grow to $644 billion by 2029, continuous compliance offers a lucrative opportunity for providers to boost recurring revenue, margins, and client retention. Apptega’s platform, trusted by over 12,000 compliance programs, positions providers to capitalize on this demand by automating workflows and integrating with tools like Jira and Azure.
A perennial G2 leader across various risk management categories, Apptega is the end-to-end cybersecurity compliance platform that security-focused IT providers and in-house teams use to build and manage cybersecurity compliance programs simply, quickly, and affordably. It’s trusted by hundreds of MSSPs, MDR companies, and security-focused MSPs that are growing lucrative security and compliance practices, creating stickier customer relationships, and winning more business from competitors.