Worldwide revenues for governance, risk, and compliance (GRC) software experienced healthy growth in 2020, growing 8.2% year over year, despite concerns of a market downturn resulting from the COVID-19 pandemic.
At the same time, the pandemic highlighted the need for better coordinated GRC solutions, which is driving further investment. A forecast from IDC shows global GRC revenues growing from $11.3 billion in 2020 to nearly $15.2 billion in 2025.
While the GRC market has experienced a drastic transformation over the past several years, the COVID-19 pandemic elevated the focus on risk areas and threats to business continuity.
In addition, the regulatory environment has both expanded and become more stringent, particularly around privacy, placing greater pressure on enterprises and their compliance capabilities. And corporate boards are facing new directives on environmental and social responsibility from investors and consumers that is forcing them to redefine how enterprises approach governance.
All categories of GRC solutions are expected to increase in revenues
Given the demand for solutions, all categories of GRC are expected to increase in revenue over the forecast period. The fastest growth will be in the business continuity and ESG/CSR categories, followed by compliance and risk management. Evolving categories, such as privacy, third-party risk management (TPRM), and environmental, health, and safety (EHS) are also expected to experience solid growth.
“The GRC market is positioned for significant growth as companies seek ways to automate and manage the complexities of expanding governance, risk, and compliance mandates. Understanding how businesses are consuming these solutions and their preferences for packaging and deploying services will help solution providers tailor offerings to meet market demand,” said Amy Cravens, research manager, Governance, Risk, and Compliance at IDC.
To better understand the current state of the enterprise GRC market, IDC recently surveyed more than 200 GRC users in the United States. The survey found that nearly two thirds of organizations currently use multiple GRC solutions with some companies deploying five or more.
Enterprises with a higher number of GRC solutions tend to have a lower rate of integration across these solutions. This indicates that enterprises with the highest spending on GRC may not be implementing GRC in an efficient manner and leveraging that investment across the organization.
Other key findings
- IT & security risk management is currently the most widely implemented GRC solution, followed by data privacy tools and management and corporate social responsibility management.
- Most companies plan to increase their GRC spending over the next three years with IT & security risk management the top area for planned investment.
- Most companies are striving to integrate their GRC solutions more fully but remain divided on the question of custom versus out-of-the-box solutions. Siloed solutions are generally unpopular.
- While nearly one third of respondents require GRC solutions to be deployed on premise, one half expect use of cloud-based solutions to increase over the next three years.