More than ever, businesses are viewing GRC (governance, risk and compliance) as a holistic process and taking steps to obtain a comprehensive view of their risk environment and compliance obligations, according to Hyperproof.
Centralized GRC Strategy Grows
Centralizing strategy, unifying risk and compliance data, and rethinking the approach to cybersecurity are becoming increasingly popular strategic goals among respondents, particularly with the rise of security technology: AI that eliminates barriers and promotes collaboration between different GRC functions. This means that the criteria by which GRC technology is evaluated in the purchasing cycle are rapidly expanding.
55% of respondents view risk and compliance management as integrated activities, but 48% of respondents face the difficulty of switching between multiple systems to manage risk.
70% currently use GRC software to monitor security controls and report compliance status, and 28% plan to evaluate this software in 2024.
83% of respondents have a centralized GRC program, but only 18% have linked risk and compliance activities. 46% of respondents using an integrated, automated GRC tool have experienced a breach, compared to 78% of those not using a GRC tool, and 60% plan to spend more time on IT risk in 2024.
Walking the tightrope of using AI in cybersecurity
It is not surprising that AI in cybersecurity presents a complex duality: AI simultaneously introduces new business risks while streamlining workflows for GRC professionals and helping them stay abreast of innovative new cyberattacks, such as deepfakes, more advanced phishing emails, better password identification, neutralization of commercially available security tools and much more.
Regulators around the world have spent much of 2023 trying to understand how they should respond to the myriad cybersecurity, privacy, economic and ethical risks that AI raises. They started to act towards the end of the year. The growing presence of global regulatory bodies requires that organizations supporting AI claims be transparent and provide proof of their AI capabilities.
Organizations need to stay ahead of the latest advancements in AI to make informed decisions and leverage its transformative capabilities while keeping AI misuses in mind.
While AI presents a host of new risks, respondents also use it as a strength accelerator. Integrating AI algorithms and machine learning methods allows GRC professionals to proactively report the effectiveness of controls against cyber threats such as malware, ransomware and social engineering attacks.
The need for transparent GRC solutions is growing
More and more GRC professionals are working to actively reduce the data silos between risk management and compliance operations to gain a clearer view of their true compliance posture.
Only 19% of respondents manage IT risks in siloed departments, processes or tools, a decrease of 31% from 2023, and 18% of respondents have an integrated view of managing their unique set of risks, an increase of 80% compared to 2023.
“Each year, our benchmark report provides invaluable insight into the evolving priorities and challenges facing IT and GRC professionals,” said Kayne McGladrey, Field CISO at Hyperproof. “This year’s results highlight the growing need for organizations to streamline their GRC processes and adopt integrated solutions to manage the complex risk and compliance landscape.”
“These statistics highlight a clear trend toward a more unified approach to GRC,” added McGladrey. “It is clear that organizations are prioritizing collaboration and transparency in their risk management efforts, signaling the need for GRC solutions that can adapt to these changing demands.”