Continuous insights, data-driven decisions and improved buy-in
For our VP of Product Matthew Davies, he sees five critical challenges for the GRC market for 2024:
- Increased complexity in the technology landscape
- A lack of clear understanding/control of all business-critical assets
- An ever-evolving and more complex threat landscape
- Ever-evolving compliance requirements
- Manual and time-consuming testing and assurance processes
For Matthew, these challenges will shape the topics he expects to see under the spotlight this year and the solutions people will be seeking.
The first one Matthew highlights is the need for continuous insights and testing. “People will be looking to build a highly integrated and contextualized security and IT environment,” he explains. “They’ll want a solution that embeds real-time monitoring of critical threats and risks. They’ll also be looking for established continuous testing and validation of integral security controls and systems.”
His second prediction is a greater focus on value-based decision-making and spending. He says, “I see a greater need for a risk-based decision-making framework that users understand, along with ways to enable measurable ROI from spending. Assessments should then be done post-decision to refine that decision-making process.”
Finally, he sees more focus on improving buy-in and engagement from business leaders. This will mean creating open and two-way channels to work with security and GRC teams. It will also mean working closely with them during the assessment processes to fully understand potential risks.
Integrated GRC solutions, AI-driven analytics and ESG
Yang Zheng, SureCloud’s Senior Director of Customer Success, sees more emphasis on integrated GRC solutions, AI-driven analytics and more emphasis on ethics and ESG (Environmental, Social and Governance).
“I think there’ll be more of a push in organizations for integrated frameworks and solutions,” he says. “These should offer a holistic approach to managing a wide variety of GRC activities and provide a unified view of different risk functions and compliance obligations. They should also help to streamline processes and enhance collaboration across departments.”
Yang also notes how the use of advanced analytics (e.g. cyber risk quantification, modelling, etc) and artificial intelligence in GRC is brought up more frequently in his conversations with clients. He says, “The topics I’ve had discussions with them about include leveraging predictive analytics to identify potential risks, automating compliance monitoring, and using AI for more sophisticated threat detection.”
He observes that more GRC professionals are now recognizing the importance of ethical business practices and ESG in their organizations: “Many organizations now want to integrate ethical considerations into their risk assessments, compliance programs and governance structures to align with both stakeholder expectations and regulatory requirements.”
Proactive compliance, AI for automation and a third-party risk focus
We asked Christian Head, Senior Solutions Advisor at SureCloud, what his thoughts are about where GRC will go in 2024. For him, it’s all about getting more proactive with compliance, incorporating AI and process automation, and increased focus on third-party risk.
“The emergence of AI has brought various opportunities to the GRC market that will help to further automate time-intensive processes,” says Christian. “For example, AI capabilities could be used to assist security questionnaire responses, monitor regulatory changes, or even recommend remedial actions after performing risk assessments. Being able to layer these AI capabilities on top of GRC solutions will become standard in years to come.”
Proactive compliance is another key focus area Christian expects to gain traction. He explains, “The increase in regulatory requirements has pushed organizations to take a more proactive approach to compliance management. We’ve seen an increase in regulations covering consumer privacy, data protection and environmental sustainability. Because of this, organizations will need to prepare for the regulatory changes and be aware of any future changes to better manage their risk of non-compliance. Some of the more common capabilities that have been brought up in conversations with prospects include automated controls testing, evidence collection and horizon scanning.”
An increased focus on third-party risk management is Christian’s third prediction for GRC in 2024. He sees a continued focus on third-party oversight and monitoring, with organizations becoming increasingly reliant on third parties to assist with business operations and critical services. Because of this, he believes organizations will need a more efficient way to evaluate both third- and fourth-party risk. He notes, “Ongoing monitoring of these relationships will be crucial for obtaining real-time insights into any sort of third-party incidents and issues.”
What do you predict for GRC in 2024?
You’ve heard what our experts think, but what do you think will be key in GRC going into 2024? We’d love to hear your perspective – give us a follow on Linkedin and let us know your thoughts!
.png?width=286&height=582&name=Vector%20(7).png)
