Gartner Blog Network

Looking Ahead With Gartner’s GRC Hype Cycle

by John A. Wheeler  |  July 16, 2015  |  2 Comments

Last week, Gartner released its annual Hype Cycle for Governance, Risk & Compliance (GRC) Technologies. In the report, we analyze the trends in the evolving GRC market and what end-users of GRC technologies can expect in the next few years. Simply put, GRC technologies support the simplification, automation, and integration of enterprise, operational, and IT risk management processes and data. Risk and security professionals should use Gartner’s Hype Cycle for GRC Technologies to identify solutions to fulfill this need.

According to Gartner’s 2015 CIO Survey, digitalization is creating new and higher levels of risk. In fact, 89% of CIOs in the survey reported that the “digital world” is creating new types of risk, while 69% reported that investments in risk management are not keeping pace. Companies will need to invest in new and innovative GRC technologies, while effectively maintaining their current GRC application portfolios.

These new risks require a shift in how GRC is viewed by most companies. As GRC technology has evolved over the past decade, most companies used the software to support a “rear-view mirror” approach to risk management that focused primarily on compliance. This approach led to a backwards view of GRC (see picture below) with risk and governance following compliance in both emphasis and importance. However, as we have seen with many recent digital risk events like the Target data breach, simply complying with industry standards like PCI is not sufficient.

Our hype cycle highlights GRC vendor solutions that provide a “forward-looking” approach to risk management that goes beyond simply complying with the latest regulation or industry standard. Areas such as IT risk management (ITRM), vendor risk management (VRM) and digital GRC are critical components of the evolving digital business landscape.

At the same time, companies continue to struggle with the ever-increasing complexity of regulatory compliance and legal requirements. Areas such as managed GRC services, privacy management and enterprise legal management are driving the demand for GRC technologies to support organizations’ legal and compliance functions.

The need for GRC technologies is rapidly increasing as more companies transition to the new digital business world. At Gartner, we are here to guide our clients along the path to managing their digital risks successfully.






John A. Wheeler
Global Research Leader - Risk Management Technology
9 years at Gartner
30 years IT Industry

John A. Wheeler is global research leader for risk management technology solutions and professional services. His areas of specialty include integrated risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler

Thoughts on Looking Ahead With Gartner’s GRC Hype Cycle

  1. Credential-to-vuln mapping is one of these areas, but there are many more. With the popularization of credential stuffing by threats, we have not yet seen periphery areas, such as common account take-over (ATO) solved in VM solutions, e.g., brute-force automata, et al. Some others I can think of are infrastructure-to-web (or vice versa), web-to-db, data classifiers, etc. And what of cloud? What of mobile device? What of mobile app? Web Services, Microservices, SOA, micro apps, DevOps, infrastructure-as-code, and containers? How about social media security?

  2. Task of thinkers & powerful people.
    I hope you will provide me with more knowledge.
