INSIGHTS ¦ 2024 IT Risk and Compliance Benchmark Report

Description

The “2024 IT Risk and Compliance Benchmark Report” provides a detailed analysis of the evolving governance, risk, and compliance (GRC) landscape, focusing on how organisations are managing IT risks and compliance challenges. It discusses trends such as the unification of risk and compliance functions, the impact of artificial intelligence (AI) on risk management, and the shift toward integrated, automated GRC tools. The report also highlights how companies are navigating increasing regulatory scrutiny, cybersecurity risks, and the adoption of AI for both risk mitigation and operational efficiency.

Key Takeaways

  1. Unification of GRC functions: 83% of respondents now have centralised GRC programmes, marking a shift towards integrating risk and compliance functions.
  2. AI’s dual role: AI is both a tool for streamlining GRC workflows and a source of emerging business risks, especially in cybersecurity.
  3. Increasing data breaches: 59% of respondents experienced a data breach in the past 24 months, a 40% increase from the previous year.
  4. Rising importance of AI strategy: 80% of respondents see AI strategy as crucial for GRC operations in 2024.
  5. Risk assessments increasing in frequency: 45% of organisations conduct risk assessments biannually, up from 27% the previous year.
  6. Manual processes remain a burden: 81% of respondents spend over 30% of their time on repetitive tasks, highlighting the need for more automation.
  7. Framework adoption: NIST CSF remains the most commonly used compliance framework, with increased adoption of NIST’s AI Risk Management Framework.
  8. Siloed approaches are risky: Companies that manage risk and compliance in silos are significantly more likely to experience data breaches.
  9. Third-party risks decreasing: Stress related to managing third-party risks dropped by 69% year-over-year, indicating improved risk management strategies.
  10. Increased GRC automation: 69% of respondents use GRC software to automate evidence collection and reporting.
  11. AI risk concerns: 79% of respondents who are extremely concerned about AI risks experienced a breach in the last 24 months.
  12. Growing regulatory complexity: Organisations are preparing for more AI-related regulations, particularly in data privacy and cybersecurity.

Innovation

  • AI-Powered Risk Mitigation: AI is increasingly used to streamline tasks like recommending relevant controls and reviewing documentation, making GRC more efficient.
  • Automated GRC Tools: Integrated, automated GRC tools are helping companies reduce manual processes and provide continuous monitoring, enhancing risk visibility.
  • AI Risk Management Frameworks: The adoption of NIST’s AI Risk Management Framework reflects growing concerns about AI risks, demonstrating proactive efforts in managing these emerging challenges.

Key Statistics

  • 59% of organisations experienced a data breach in the last 24 months.
  • 83% of respondents have centralised GRC programmes.
  • 80% view AI strategy as important for GRC operations.
  • 45% conduct risk assessments biannually, a 27% increase from last year.
  • 69% use GRC software to automate compliance processes.
  • 81% of respondents spend over 30% of their time on manual processes.
  • 79% of respondents extremely concerned with AI risks experienced a breach.

