Although there is awareness among businesses globally, about the value and benefits of a GRC program; nevertheless, even the digitally innate organizations, need to ensure the right degree of focus is put in understanding the evolving risk profile of the environment in which they operate. Moreover, there is a long way to go to enhance the GRC functional awareness and the realization of the significance of GRC technology requirement in an increasingly digital environment, especially among enterprises across emerging economies. According to surveys in India during FY 2016-17, over 45% of the organizations were unaware of any GRC activities, as compared to the global average of around 25% organizations, with limited or no knowledge of GRC activities.
However, with evolving digital markets, even the emerging economies are subjected to global regulatory, financial, legal, operational, and governance metrices to sustain in the increasingly global market environment. These drivers include international regulations, competitive pressures, S&P credit ratings, process optimization, and transparency to stakeholders with improved accountability to increase ease of doing business in the region. With government of India introducing bills of data localization, it is evident that post introduction of GDPR norms and with increasing digitalization, government bodies globally are considering stringent regulatory norms to enhance data security. This correspondingly bolsters the future potential of GRC technology significantly in the coming years.
Interestingly, most security breaches (more than 90%) are malware attacks which find their way mainly via emails and sometimes through social media platforms and almost 40% of the malware attacks in 2018, have been Ransomware attacks. These stats are extremely hurtful for businesses embarking upon their digital journey. Now, with growing digital transformation trend, global GRC mandates are becoming more stringent and with emerging economies also trending on the digital confluence, it is essential that GRC technologies will evolve and adoption of these technologies will be obligatory to mitigate cyber risks as well as risks of non-compliant penalties.
– Shiladitya Chaterji,
Senior Analyst– ICT,