Blog post

GRC 2020: The Approaching Year of Final Demise

By John A. Wheeler | July 15, 2019 | 0 Comments

Tech and Service ProvidersSecurity and Risk Management LeadersLegal and ComplianceIT risk managementIRMintegrated risk managementGRCEnterprise risk managementDigital riskCyber securityCyber riskCompliance managementBusiness Continuity ManagementAudit managementAudit and RiskAudit Function Strategy and ManagementAudit Methodology and Engagement ExecutionEnterprise Risk Management Program ManagementRisk Assessment Process and MethodologiesRisk CoverageRisk Response Strategies

Gartner kicked-off its global series of 2019 Security & Risk Management Summit Conferences last month in Washington, DC. It’s here where we receive direct feedback from both technology providers as well as end-users on emerging trends and technologies for security and risk management. More than 3,500 attendees participated in analyst sessions and meetings over 3 1/2 days. One of the major trends receiving overwhelming attendee support is that GRC (governance, risk and compliance) technology is quickly fading in use. Thus, we view GRC 2020 as the approaching year of final demise.

At the DC Summit, Gartner presented its long-held view and prediction that by 2021, 50% of large enterprises (greater than $1 billion in annual revenue) will use an IRM (integrated risk management) solution set rather than GRC to provide better decision-making capabilities (up from 30% in 2017). Evidence of this adoption continues to be found in our latest quarterly forecast for the IRM solution market (Gartner subscription required). The total IRM market for 2019 is $6.6 billion and on pace to grow to $8 billion by 2021.

The total IRM market for 2019 is $6.6 billion and on pace to grow to $8 billion by 2021
Source: Gartner

Further supporting this trend are the views of conference attendees. In an informal survey of risk management technology providers and end-users, 98% agreed that GRC technology is outdated and fading in importance. So, this time next year, those still using GRC technology will be few and far between.

Looking forward to seeing our attendees at our upcoming Security & Risk Management conferences across the globe. If you attend, you may receive one of our now famous #dumpGRC giveaways!

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed