Gartner Blog Network

IRM Solutions Market Will Grow to $7.3 Billion by 2020

by John A. Wheeler  |  March 20, 2017  |  1 Comment

Earlier this month, Gartner released its inaugural forecast of the integrated risk management (IRM) software solutions market. The IRM market — formerly referred to as “governance, risk management and compliance (GRC)” — is estimated to have grown by 17.4% from 2014 to 2015 and by 17% from 2015 to 2016. The market is projected to grow at a 13.4% compound annual growth rate (CAGR) to reach $7.3 billion by 2020, from $3.9 billion in 2015.

The IRM market is the largest of all the solutions provider markets covered by Gartner in the security & risk management (SRM) software ecosystem. It also ranks third highest in terms of estimated profitability margin. As a result, this is one of the most dynamic software markets within our coverage and looks to be one to watch for the next several years.

So, you may be asking, just what are IRM solutions?

Gartner defines IRM solutions as “the combined technology, processes and data that serves to fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.”

Currently, I lead our analyst coverage of the following seven market segments within the broader IRM market:

  1. Operational Risk Management (ORM)

  2. IT Risk Management (ITRM)

  3. Business Continuity Management (BCM) Planning

  4. IT Vendor Risk Management (VRM)

  5. Corporate Compliance and Oversight (CCO)

  6. Audit Management (AM)

  7. Enterprise Legal Management (ELM)

Given the size and anticipated growth of this market, we plan to provide a stronger focus on solution providers who can address these seven market segments via an integrated solution set. In December, we will publish our first Magic Quadrant for Integrated Risk Management report as well as a companion Critical Capabilities for Integrated Risk Management report. As more companies seek integrated solutions to help manage their rapidly expanding cyber risks, these reports will prove invaluable to security and risk management leaders.

To learn more, please read “Forecast Snapshot: Integrated Risk Management Solutions, Worldwide, 2017” and “Definition: Integrated Risk Management Solutions” at (current subscription required). You can also learn more about IRM by attending one of our upcoming 2017 Security & Risk Management Summit Events across the globe.


Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: audit-and-risk  audit-management  business-continuity-management  compliance-management  cyber-risk  cyber-security  cyberinsurance  digital-risk  enterprise-risk-management  enterprise-risk-management-program-management  grc  integrated-risk-management  irm  it-risk-management  it-vendor-risk-management  operational-risk-management  risk-assessment-process-and-methodologies  risk-coverage  risk-management  risk-response-strategies  security  strategic-risk  technology-and-emerging-trends  third-party-risk-management  

Tags: audit-management-2  business-continuity  compliance  cyber-risk-2  digital-risk-2  grc  integrated-risk-management  irm  legal-risk-2  risk-management  vendor-risk  

John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio

Thoughts on IRM Solutions Market Will Grow to $7.3 Billion by 2020

  1. Operating in this arena with a no-code platform based solutions (SaaS / on premises) we provide BFSI and public entities in all of the mentioned domain.
    It is interesting to notice, however, that the same technology and domain expertise lend themselves also to cyber security management and GDPR – which may become regulated topics in the near future as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.