Last week, Gartner released its annual Hype Cycle for Governance, Risk & Compliance (GRC) Technologies. In the report, we analyze the trends in the evolving GRC market and what end-users of GRC technologies can expect in the next few years. Simply put, GRC technologies support the simplification, automation, and integration of enterprise, operational, and IT risk management processes and data. Risk and security professionals should use Gartner’s Hype Cycle for GRC Technologies to identify solutions to fulfill this need.
According to Gartner’s 2015 CIO Survey, digitalization is creating new and higher levels of risk. In fact, 89% of CIOs in the survey reported that the “digital world” is creating new types of risk, while 69% reported that investments in risk management are not keeping pace. Companies will need to invest in new and innovative GRC technologies, while effectively maintaining their current GRC application portfolios.
These new risks require a shift in how GRC is viewed by most companies. As GRC technology has evolved over the past decade, most companies used the software to support a “rear-view mirror” approach to risk management that focused primarily on compliance. This approach led to a backwards view of GRC (see picture below) with risk and governance following compliance in both emphasis and importance. However, as we have seen with many recent digital risk events like the Target data breach, simply complying with industry standards like PCI is not sufficient.
Our hype cycle highlights GRC vendor solutions that provide a “forward-looking” approach to risk management that goes beyond simply complying with the latest regulation or industry standard. Areas such as IT risk management (ITRM), vendor risk management (VRM) and digital GRC are critical components of the evolving digital business landscape.
At the same time, companies continue to struggle with the ever-increasing complexity of regulatory compliance and legal requirements. Areas such as managed GRC services, privacy management and enterprise legal management are driving the demand for GRC technologies to support organizations’ legal and compliance functions.
The need for GRC technologies is rapidly increasing as more companies transition to the new digital business world. At Gartner, we are here to guide our clients along the path to managing their digital risks successfully.