Blog post

IRM Solutions Market Will Grow to $7.3 Billion by 2020

By John A. Wheeler | March 20, 2017 | 1 Comment

Third-party risk managementTechnology and Emerging TrendsTech and Service ProvidersStrategic riskSecurity and Risk Management LeadersSecurityRisk ManagementOperational risk managementLegal and ComplianceIT vendor risk managementIT risk managementIRMintegrated risk managementGRCEnterprise risk managementDigital riskCyberinsuranceCyber securityCyber riskCompliance managementBusiness Continuity ManagementAudit managementAudit and RiskEnterprise Risk Management Program ManagementRisk Assessment Process and MethodologiesRisk CoverageRisk Response Strategies

Earlier this month, Gartner released its inaugural forecast of the integrated risk management (IRM) software solutions market. The IRM market — formerly referred to as “governance, risk management and compliance (GRC)” — is estimated to have grown by 17.4% from 2014 to 2015 and by 17% from 2015 to 2016. The market is projected to grow at a 13.4% compound annual growth rate (CAGR) to reach $7.3 billion by 2020, from $3.9 billion in 2015.

The IRM market is the largest of all the solutions provider markets covered by Gartner in the security & risk management (SRM) software ecosystem. It also ranks third highest in terms of estimated profitability margin. As a result, this is one of the most dynamic software markets within our coverage and looks to be one to watch for the next several years.

So, you may be asking, just what are IRM solutions?

Gartner defines IRM solutions as “the combined technology, processes and data that serves to fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.”

Currently, I lead our analyst coverage of the following seven market segments within the broader IRM market:

  1. Operational Risk Management (ORM)

  2. IT Risk Management (ITRM)

  3. Business Continuity Management (BCM) Planning

  4. IT Vendor Risk Management (VRM)

  5. Corporate Compliance and Oversight (CCO)

  6. Audit Management (AM)

  7. Enterprise Legal Management (ELM)

Given the size and anticipated growth of this market, we plan to provide a stronger focus on solution providers who can address these seven market segments via an integrated solution set. In December, we will publish our first Magic Quadrant for Integrated Risk Management report as well as a companion Critical Capabilities for Integrated Risk Management report. As more companies seek integrated solutions to help manage their rapidly expanding cyber risks, these reports will prove invaluable to security and risk management leaders.

To learn more, please read “Forecast Snapshot: Integrated Risk Management Solutions, Worldwide, 2017” and “Definition: Integrated Risk Management Solutions” at (current subscription required). You can also learn more about IRM by attending one of our upcoming 2017 Security & Risk Management Summit Events across the globe.


The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed

1 Comment

  • Operating in this arena with a no-code platform based solutions (SaaS / on premises) we provide BFSI and public entities in all of the mentioned domain.
    It is interesting to notice, however, that the same technology and domain expertise lend themselves also to cyber security management and GDPR – which may become regulated topics in the near future as well.