In the span of a week, the integrated risk management (IRM) technology market has experienced significant consolidation. Four vendors from Gartner’s inaugural 2018 IRM Magic Quadrant have joined forces to evolve their legacy governance, risk and compliance (GRC) offerings to better compete in the IRM market (see figure below).
Last Monday, market challenger ACL announced the acquisition of market visionary Rsam. Today, market visionary SAI Global announced the acquisition of market challenger Nasdaq’s Bwise group. Both acquisitions represent the maturation of the IRM market towards greater end-user adoption. In fact, Gartner predicts by 2021, 50% of large enterprises will use an IRM solution set to provide better decision-making capabilities (up from 30% in 2017). In addition, Gartner forecasts the IRM market (including consulting services and implementation) is on pace to grow from $5.3 billion in 2017 to $8.0 billion by 2021.
From a strategic perspective, both acquisitions are quite complementary in terms of addressing the four IRM integrated use cases driving end-user demand (see figure below). The combined ACL/Rsam IRM solution set will leverage strengths in the performance and assurance use cases, while the combined SAI Global/Nasdaq IRM solution set will capitalize on strengths in the resilience and compliance use cases.
Stay tuned for more action in the dynamic IRM market. As competition increases and new players seek to enter the market, there’s sure to be more consolidation and product improvement. We will also see the continued demise of the legacy GRC market. To learn more about IRM, check out my other recent blog posts on the Gartner Blog Network.
Category: audit-and-risk business-continuity-management compliance-management cyber-risk cyber-security digital-risk enterprise-risk-management enterprise-risk-management-program-management grc integrated-risk-management irm it-risk-management it-vendor-risk-management legal-risk operational-risk-management risk-assessment-process-and-methodologies risk-coverage risk-management risk-response-strategies security strategic-risk technology-and-emerging-trends third-party-risk-management
Tags: grc integrated-risk-management irm risk-management
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.