New Research Highlights Growing Need for Holistic GRC, 33% of Organizations Cannot Proactively Manage Risk
LogicGate Report shows 59% of organizations using a single centralized GRC solution strongly agree they can effectively manage risk-- compared to just 15% of organizations using two
CHICAGO, May 21, 2024 /PRNewswire/ -- LogicGate, the holistic GRC experts delivering leading GRC solutions for cyber, governance, risk, and compliance leaders, today unveiled the results of its 2024 GRC Strategies, Teams and Outcomes Report, conducted by independent third-party firm Osterman Research. The research revealed that one in three organizations surveyed are not currently able to proactively identify, assess, and mitigate risk with their GRC program, nor are they able to ensure compliance with regulations and frameworks--both key aspects of a mature, holistic GRC program. This leaves considerable room for growth as organizations continue to recognize that centralized GRC practices lead to positive business outcomes.
"Security, risk, and compliance needs look different for every organization depending on their industry and applicable regulations, among other factors," said Matt Kunkel, LogicGate co-founder and CEO. "However, our research identified a common factor across optimal GRC programs: utilizing a single, comprehensive GRC solution to uphold program objectives that support the organization's core business goals and desired outcomes. By using a holistic approach to streamline GRC, organizations can better mitigate risk and deliver heightened business value."
Key findings from the report include:
-- GRC is a team sport, but a unified GRC platform is a significant
advantage: The majority of GRC programs are supported by multiple teams,
requiring close collaboration across functions. For example, while 81%
of Risk Management groups claim sole responsibility for the risk
management area of a GRC program, 40% of Cybersecurity teams and 37% of
Compliance teams play vital supporting roles to maximize the success of
risk management activity. In addition, the report found that as the
number of GRC software solutions being used by an organization
increases, the efficacy of those solutions at proactively managing risk
declines (59% of organizations using just one GRC solution strongly
agreed that their software is effective at proactively managing risk,
whereas only 15% of organizations using two GRC solutions had the same
sentiment). It also found that leveraging one comprehensive GRC tool is
more cost-effective, as organizations using two or more solutions spend
21% more to run their GRC program compared to those using a single
solution.
-- GRC spending varies widely between industries: The amount organizations
spend on GRC varies between industries and organizational sizes, with
the largest organizations spending the least due to their ability to
achieve economies of scale. Looking at significant industry differences,
financial services organizations spend a median of 1.13% of total annual
revenue on GRC, while healthcare spends just 0.41%. This is somewhat
surprising, as recent data indicates that the average cost of a
healthcare breach is $10.93 million - far and away the highest of any
industry, with finance a distant second at $5.90 million. Both
healthcare and finance are subject to stringent regulations, but
financial services organizations spend almost three times as much on GRC
as their counterparts in healthcare.
-- Cybersecurity risk and geopolitical risk top the list: Cybersecurity
risk, geopolitical risk, and social and reputational risk claim the
three top spots for most impactful risks and market trends expected to
impact the ability of organizations to meet their strategic business
objectives over the next 12 months. However, supply chain risk, a
significant issue during the pandemic and its aftermath, appears to be
stabilizing as the economy continues to recover. Artificial intelligence
(AI) is the element with the greatest unknown and unquantified risk and
may have a significant unforeseen impact. While this information does
not come as a surprise, it will be important to track how these rankings
evolve as AI becomes increasingly accessible and regulators continue to
explore ways to govern its impact and use.
-- GRC investment is largely focused on people and software: Hiring and
retaining talent is by far the largest expense related to GRC, claiming
46% of GRC budget allocation. GRC software tools come in second at 18%,
with organizations investing in solutions to drive their programs, align
teams, and automate manual GRC processes. Additionally, 80% of
organizations are either keeping the same budget allocation or
increasing it over the next 12 months. The largest increases will again
be seen in investments in the workforce and GRC software, with a
combined net average increase of 5% and 4% respectively.
LogicGate's 2024 GRC Strategies, Teams and Outcomes Report stems from a survey of 350 respondents in risk management, cybersecurity, and compliance leadership roles at organizations with at least 1,000 employees. Respondents came from four countries (United States, Canada, United Kingdom, and Ireland) and from across four industries (Financial Services; Healthcare; Retail; and Technology, Software, and Media).
To learn more about the increasing importance of holistic GRC in proactively managing risk and compliance processes, access the full report.
About LogicGate
LogicGate® is a global, market-leading SaaS company empowering customers to effectively manage and scale their cyber risk and control, third-party risk management, compliance controls, enterprise risk, and operational resilience programs. Recognized by The Forrester Wave(TM): Governance, Risk, And Compliance Platforms, Q4 2023 report as one of four leading global GRC platforms, Risk Cloud®, is built with usability in mind, including a no-code interface and graph-database management making the technology flexible, agile and scalable to support various levels of GRC maturity and bolster business outcomes. With an unwavering commitment to fostering business resilience in dynamic landscapes, LogicGate empowers customers to quantify risk, strengthen their security posture, and have visibility into information to create strategic advantages and support business objectives. Learn more about our solutions by visiting www.logicgate.com and/or join us on LinkedIn.
View original content to download multimedia:https://www.prnewswire.com/news-releases/new-research-highlights-growing-need-for-holistic-grc-33-of-organizations-cannot-proactively-manage-risk-302150587.html
SOURCE LogicGate
