Worldwide revenues for governance, risk, and compliance (GRC) software experienced healthy growth in 2020, growing 8.2% year over year, despite concerns of a market downturn resulting from the COVID-19 pandemic.
At the same time, the pandemic highlighted the need for better coordinated GRC solutions, which is driving further investment. A new forecast from IDC shows global GRC revenues growing from $11.3 billion in 2020 to nearly $15.2 billion in 2025.
Drivers of opportunities
While the GRC market has experienced a drastic transformation over the past several years, the COVID-19 pandemic elevated the focus on risk areas and threats to business continuity.
In addition, the regulatory environment has both expanded and become more stringent, particularly around privacy, placing greater pressure on enterprises and their compliance capabilities.
Corporate boards are facing new directives on environmental and social responsibility from investors and consumers that is forcing them to redefine how enterprises approach governance.
Given the demand for solutions, IDC expects all categories of GRC to increase in revenue over the forecast period. The fastest growth will be in the business continuity and ESG/CSR categories, followed by compliance and risk management. Evolving categories, such as privacy, third-party risk management (TPRM), and environmental, health, and safety (EHS) are also expected to experience solid growth.
New leash in life?
IDC research manager for Governance, Risk, and Compliance, Amy Cravens, says the GRC market is positioned for significant growth as companies seek ways to automate and manage the complexities of expanding governance, risk, and compliance mandates.
"Understanding how businesses are consuming these solutions and their preferences for packaging and deploying services will help solution providers tailor offerings to meet market demand," she continued.
GRC in the US – what can we learn
To better understand the current state of the enterprise GRC market, IDC recently surveyed more than 200 GRC users in the United States. The survey found that nearly two-thirds of organizations currently use multiple GRC solutions with some companies deploying five or more.
And enterprises with a higher number of GRC solutions tend to have a lower rate of integration across these solutions. This indicates that enterprises with the highest spending on GRC may not be implementing GRC in an efficient manner and leveraging that investment across the organization.
Other key findings
Most companies plan to increase their GRC spending over the next three years with IT & Security Risk Management the top area for planned investment.
Most companies are striving to integrate their GRC solutions more fully but remain divided on the question of custom versus out-of-the-box solutions. Siloed solutions are generally unpopular.
While nearly one-third of respondents require GRC solutions to be deployed on-premise, one half expects the use of cloud-based solutions to increase over the next three years.