Unlocking GRC Insights Together: Reflections from Customer Connect 2025

We kicked things off with Michael Rasmussen, who delivered an insightful keynote on The Future of Digital Governance, Resilience, and Trust. 

Michael, who always brings a bit of fun and his personal flourish to his content, introduced the idea of GRC 7.0 – GRC Orchestrate, where agentic AI and digital twins help organisations become more proactive in managing risk.

His message really hit home: trust is the ultimate outcome of GRC. It’s what happens when governance, resilience, and accountability come together around purpose. 

It set the tone perfectly: GRC not as a tick-box exercise, but as an enabler of confidence, adaptability, and integrity in a fast-changing world. 

Our CEO Nick Rafferty and Chief Product Officer Matthew Davies then took to the stage for The Future of SureCloud. 

They talked through how we’ve evolved from our early days in penetration testing to building one of the industry’s most advanced enterprise GRC platforms, before unveiling our next big step: native Continuous Controls Monitoring (CCM). 

This wasn’t just a new feature; it was a milestone. 

From my own experience, CCM is a really important piece of the puzzle when it comes to investing in GRC technology. While it doesn’t solve everything, there will always be some controls that rely on physical checks or areas where technology can’t fully reach, it’s such a crucial step forward. 

CCM brings together automated control testing, AI-driven evidence summaries, and integrated remediation, all within the platform. The idea is simple but game-changing: to move from static snapshots of compliance to a continuous, living view of assurance and risk. 

With our event-driven architecture, organisations can now “watch the movie” of their GRC programmes, seeing how events play out rather than just where they end. The architecture has so much potential for everyone who uses it.

It doesn’t miss anything and can cope with the inevitable changes that occur in GRC programmes, unlike traditional relational data structures. It already provides a fantastic forensic timeline, and we’re excited to showcase how this will truly change the game for GRC moving forward! 

Our roadmap builds on that same energy, combining rigour with engagement: 

• Gamification to make progress more visible and motivate teams. 

• Agentic AI to automate GRC workflows while keeping human oversight. 

• Board Reporting 2.0, turning data into dynamic, story-led insights for leaders. 

• Data-Driven Coaching, using predictive models to help GRC teams act sooner and smarter. 

It’s a vision of GRC that’s continuous, collaborative, and intuitive, designed for how people actually work. 

One of the most thought-provoking sessions came from Rory Innes, who spoke on The Hidden Cyber Crisis: What Your Employees & Customers Face in Their Personal Lives. 

Rory reminded us that cybersecurity doesn’t stop at the office door. He shone a light on the personal risks people face, from romance fraud to cyberstalking, and how these experiences can spill into the workplace through stress, distraction, or loss of trust. 

Through my own volunteering, I’ve seen first-hand the impact of fraud and harassment on victims, and I know how much pain and disruption it causes. While it sometimes feels like the internet and social media have been part of our lives forever, it’s actually been a very short time for us to have culturally adapted and truly understood the risks that come with it. 

It was a sobering but vital reminder that protecting people’s well-being goes hand in hand with protecting the organisation. As Rory put it, GRC isn’t just about systems; it’s about people. 

We also shared insights from our GRC Maturity Study and Risk Reckoning 2025 report, based on conversations with 200 GRC and security leaders. The findings showed real progress, but also highlighted where there’s still work to do: 

• 75% of enterprises are now discussing GRC at board level. 

• 87% feel prepared for major events, but many still depend on spreadsheets and manual processes. 

• AI and automation are on everyone’s agenda, but adoption remains patchy. 

The message is clear: the ambition is there, but many organisations are still bridging the gap between reactive and proactive. That’s exactly the gap we’re helping to close with CCM. 

Our Chief Marketing Officer, Dan Spicer, also shared his take on The Risk Reckoning report. Drawing on interviews with a broad range of risk professionals, Dan highlighted how GRC is now recognised as a business challenge, not just a technical one. 

He also spoke about how important it is that GRC has visibility and support at every level of the organisation, from operational teams to the boardroom. It’s about embedding governance and risk into everyday business thinking, not treating them as side projects. 

One line from an attendee has stuck with me: 

“The tools are evolving, but so must the culture. Continuous assurance isn’t just technology; it’s a mindset shift.” 

That really captures what Customer Connect 2025 was all about. Whether through technology, strategy, or community, we’re all moving towards a more connected, transparent, and trusted way of managing risk. 

For everyone who joined us, thank you. You helped make these two days so inspiring. And for those who couldn’t be there, you genuinely missed something special, but the conversation is only just getting started.