Governance, risk and compliance (GRC) software revenues have seen an 8.2% growth year-over-year, according to new data from IDC.
Revenues are forecast to swell to $15.2 billion by 2025 — a hefty growth from the $11.3 billion seen in 2020.
IDC points to the pandemic as a major factor contributing to the growth, citing COVID-19 as a critical catalyst that elevated the focus on risk areas and threats to business continuity. The pandemic highlighted the need for better-coordinated GRC solutions, the data analyst says — which, in turn, drove further investment.
Meanwhile, a push for environmental and social responsibility initiatives from investors and consumers has forced many organisations to redefine how they approach governance.
All these factors have converged to result in all categories of GRC to increase in revenue over the forecast period, according to IDC forecasts. The fastest growth will be in the business continuity and ESG/CSR categories, followed by compliance and risk management.
Evolving categories, such as privacy, third-party risk management (TPRM), and environmental, health, and safety (EHS), are also expected to experience solid growth.
“The GRC market is positioned for significant growth as companies seek ways to automate and manage the complexities of expanding governance, risk, and compliance mandates,” says IDC research manager for GRC Amy Cravens.
“Understanding how businesses are consuming these solutions and their preferences for packaging and deploying services will help solution providers tailor offerings to meet market demand.
In an IDC survey of over 200 GRC users in the US, almost two-thirds of respondents currently use GRC solutions — and some deploy five or more.
However, those that used multiple solutions' tend to have a lower rate of integration across these solutions'. This indicates that enterprises with the highest spending on GRC may not be efficiently implementing GRC and leveraging that investment across the organisation.
Other key findings from the survey include the following:
- IT - security risk management is currently the most widely implemented GRC solution, followed by data privacy tools and management and corporate social responsibility management.
- Most companies plan to increase their GRC spending over the next three years, with IT - security risk management the top area for planned investment.
- Most companies are striving to integrate their GRC solutions more fully but remain divided on the question of custom versus out-of-the-box solutions. Siloed solutions are generally unpopular.
- While nearly one-third of respondents require GRC solutions to be deployed on-premise, 50% of respondents expect the use of cloud-based solutions to increase over the next three years.