// INDUSTRY INSIGHT //
THE RISE OF ENDLESS AUDITING
Audits are on the rise in Europe and greater demands are now being placed on European businesses. Indeed, regular audits are now a fact of life for even SMEs. Selim Ourtani, CEO at Secrato, explores the aggressive rise of audits, what’ s causing them and how organisations can adapt.
security or compliance audit
A used to be something a business did once or twice a year at most. Even then, this was mostly an expectation for large enterprises. That’ s changing. Increasingly, businesses of all sizes are undergoing audits at levels they’ ve never seen and aren’ t prepared for.
A mix of regulatory shifts, emerging new technologies and looming cyberthreats have had a profound effect. In turn, European regulators have set into motion a new wave of compliance obligations that is having consequences all over the business world.
While only a few years ago, security and compliance audits were an occasional consideration, they are now a fact of life for many organisations. This will be a steep learning curve for many, who now not only have to ensure compliance, but ensure that they can demonstrate it at short notice.
Rising audits amount as an enterprise – compared to just two in 2024.
Emboldened regulators
The simplest explanation for this intensification of audit cadence has been the mere growth of European security regulation. Around 70 % of European organisations have been audited since the dawn of the European General Data Protection Regulation( GDPR).
//
In turn, European businesses have become more active in their compliance. Data from DLA Piper shows that in 2025, data breach notifications reached an all-time high of 443 per day. Each of those notifications will likely prompt an audit, providing some rationale for this rising phenomenon. What is true of the GDPR and its effect on auditing is also true of the European regulations that followed in its wake.
ENTERPRISES ARE STILL THE MOST AUDITED SIZE CATEGORY OF BUSINESS, BUT SMALL AND MEDIUM SIZED BUSINESSES ARE ALSO CATCHING UP.
Many organisations are reporting a sharp rise in audits over the last few years. Before that, most organisations would only have to undergo these once or twice a year, and even then, most of those were enterprises. According to one report, nearly 60 % of organisations underwent at least four audits in 2025 and 35 % conducted six or more over the same period.
Enterprises are still the most audited size category of business, but small and medium sized businesses are also catching up. In fact, according to A-LIGN’ s 2026 Compliance report, the average mid-sized business now goes through five audits a year – the same
Regulating the European supply chain
As regulators ' understanding of cyber-risk and data protection has matured, regulations have emerged which attempt to bring resilience to the region as a whole. Network and Information Security 2( NIS2), the Digital Operational Resilience Act( DORA) and the EU AI Act have all emerged in the last few years and instead of focusing on regulated organisations as discrete entities, they instead see these as part of a connected whole.
Regulators are now focusing on the regional and global linkages which define the European
Selim Ourtani, CEO, Secrato
Intelligent SME. tech
35