LogicGate, the holistic GRC experts delivering leading GRC solutions for cyber, governance, risk, and compliance leaders, today unveiled the results of its 2024 GRC Strategies, Teams and Outcomes Report, conducted by independent third-party firm Osterman Research. The research revealed that one in three organizations surveyed are not currently able to proactively identify, assess, and mitigate risk with their GRC program, nor are they able to ensure compliance with regulations and frameworks––both key aspects of a mature, holistic GRC program. This leaves considerable room for growth as organizations continue to recognize that centralized GRC practices lead to positive business outcomes.
“Security, risk, and compliance needs look different for every organization depending on their industry and applicable regulations, among other factors,” said Matt Kunkel, LogicGate cofounder and CEO. “However, our research identified a common factor across optimal GRC programs: utilizing a single, comprehensive GRC solution to uphold program objectives that support the organization’s core business goals and desired outcomes. By using a holistic approach to streamline GRC, organizations can better mitigate risk and deliver heightened business value.”
Key findings from the report include:
- GRC is a team sport, but a unified GRC platform is a significant advantage: The majority of GRC programs are supported by multiple teams, requiring close collaboration across functions. For example, while 81% of Risk Management groups claim sole responsibility for the risk management area of a GRC program, 40% of Cybersecurity teams and 37% of Compliance teams play vital supporting roles to maximize the success of risk management activity. In addition, the report found that as the number of GRC software solutions being used by an organization increases, the efficacy of those solutions at proactively managing risk declines (59% of organizations using just one GRC solution strongly agreed that their software is effective at proactively managing risk, whereas only 15% of organizations using two GRC solutions had the same sentiment). It also found that leveraging one comprehensive GRC tool is more cost-effective, as organizations using two or more solutions spend 21% more to run their GRC program compared to those using a single solution.
- GRC spending varies widely between industries: The amount organizations spend on GRC varies between industries and organizational sizes, with the largest organizations spending the least due to their ability to achieve economies of scale. Looking at significant industry differences, financial services organizations spend a median of 1.13% of total annual revenue on GRC, while healthcare spends just 0.41%. This is somewhat surprising, as recent data indicates that the average cost of a healthcare breach is $10.93 million – far and away the highest of any industry, with finance a distant second at $5.90 million. Both healthcare and finance are subject to stringent regulations, but financial services organizations spend almost three times as much on GRC as their counterparts in healthcare.
- Cybersecurity risk and geopolitical risk top the list: Cybersecurity risk, geopolitical risk, and social and reputational risk claim the three top spots for most impactful risks and market trends expected to impact the ability of organizations to meet their strategic business objectives over the next 12 months. However, supply chain risk, a significant issue during the pandemic and its aftermath, appears to be stabilizing as the economy continues to recover. Artificial intelligence (AI) is the element with the greatest unknown and unquantified risk and may have a significant unforeseen impact. While this information does not come as a surprise, it will be important to track how these rankings evolve as AI becomes increasingly accessible and regulators continue to explore ways to govern its impact and use.
- GRC investment is largely focused on people and software: Hiring and retaining talent is by far the largest expense related to GRC, claiming 46% of GRC budget allocation. GRC software tools come in second at 18%, with organizations investing in solutions to drive their programs, align teams, and automate manual GRC processes. Additionally, 80% of organizations are either keeping the same budget allocation or increasing it over the next 12 months. The largest increases will again be seen in investments in the workforce and GRC software, with a combined net average increase of 5% and 4% respectively.
LogicGate’s 2024 GRC Strategies, Teams and Outcomes Report stems from a survey of 350 respondents in risk management, cybersecurity, and compliance leadership roles at organizations with at least 1,000 employees. Respondents came from four countries (United States, Canada, United Kingdom, and Ireland) and from across four industries (Financial Services; Healthcare; Retail; and Technology, Software, and Media).
To learn more about the increasing importance of holistic GRC in proactively managing risk and compliance processes, access the full report.
###
About LogicGate
LogicGate® is a global, market-leading SaaS company empowering customers to effectively manage and scale their cyber risk and control, third-party risk management, compliance controls, enterprise risk, and operational resilience programs. Recognized as a leading global GRC platforms, Risk Cloud® is built with usability in mind, including a no-code interface and graph-database management making the technology flexible, agile and scalable to support various levels of GRC maturity and bolster business outcomes. With an unwavering commitment to fostering business resilience in dynamic landscapes, LogicGate empowers customers to quantify risk, strengthen their security posture, and have visibility into information to create strategic advantages and support business objectives. Learn more about our solutions by visiting www.logicgate.com and/or join us on LinkedIn.
Contact
Jade Trombetta
Senior Director, Communications for LogicGate