GRC 2019: All hands on tech

Today’s risk environment is dynamic. Businesses have to deal efficiently and effectively with a constant onslaught of new regulations, cybersecurity threats and the rise of the consumer voice via social media and sites like change.org. As such, many organisations have turned to integrated governance, risk, and compliance (GRC) technologies to help them manage risks across the entire organisation while boosting overall enterprise performance.

Forward-thinking businesses are adopting new technologies that can help employees to actively, or passively, engage with GRC processes. Many are turning to tools that have been consumerised. Good risk awareness and effective risk response requires GRC to be embedded into all processes, but employees are known to cut corners if new systems are time consuming. Technology that can enhance risk awareness and productivity, as well as create new ways of working – without impacting employees’ day-to-day responsibilities – will drive business value.

Technology plays a critical role in strengthening the monitoring and management of risks in the organisation. Integrated technology solutions offer a common platform to strengthen visibility into risks and compliance issues. They also automate processes, streamlining and reducing the costs of admin and data heavy processes as well as storing any important or relevant information in a centralised database for easy access.

Where is GRC technology heading?

Now businesses are utilising technologies to address the weak links and known unknowns that lie in 2019 and beyond. Here are a few key trends in technologies that will affect the enterprise:

Artificial intelligence as a service: going beyond the data

Over the next five years, AI specialists will continue to be a scarce resource -- something that may well be exacerbated considering Brexit. Conversely, the demand for the intelligent use of accumulated risk data will only increase. As a result, AI experts will begin to offer AI-as-a-Service (AlaaS), particularly to industries where data is too valuable not to be analysed. Healthcare and legal will be the two industries that will first adopt AlaaS to evaluate valuable GRC data, and to solve core issues in less time. The importance of taxonomy-based contextualisation and layering of human intelligence will be the most value accretive in these industries.

Cyber risks: auto-remediation leads the way

Over the next five years, AI and advanced analytics will enable cyber risk professionals to set up systems where 80 percent of incidents will be self-remediated based on past data that is automatically gathered by bots and other tools. These systems will assess cyber risks and incidents continuously to detect patterns, flag the biggest risks, and suggest mitigation paths. In fact, the cyber ecosystem will probably be the first in the organisation to run on a self-governance model wherein the entire process of risk identification, assessment, and mitigation will require minimal human intervention freeing up time to address other critical business needs.

Data: no longer the new oil

With GDPR, a new template has been made available to regulators and law makers to give online users more control over their information. We believe that the tussle between online advertisement revenue and user privacy will deepen in the next three years as both sides seek more control and power over data. A new ephemeral approach to data management, propagated by a select few organisations such as Snap and DuckDuckGo – where data is either not collected or auto-destructed in a finite period – will gain traction, and slowly become the new norm for online users and, consequently, online organisations.

With the introduction of new technologies, comes a plethora of unknown cyber risks but also a wave of new insights and solutions for businesses looking to boost performance while maintaining integrity and compliance. 2019 will see a shift towards AI – which will in turn help organisations predict and mitigate risks – and away from data, with the year anniversary of GDPR just around the corner. Indeed, businesses who embrace new technologies to support enterprise-critical activities will find themselves ahead of the curve on risk identification and compliance, as well as overall productivity.