19 Aug 2021

IDC Forecasts Solid Growth for GRC Solutions as Enterprises Invest to Expand and Integrate Their Governance and Risk Management Portfolios

NEEDHAM, Mass., August 19, 2021 – Worldwide revenues for governance, risk, and compliance (GRC) software experienced healthy growth in 2020, growing 8.2% year over year, despite concerns of a market downturn resulting from the COVID-19 pandemic. At the same time, the pandemic highlighted the need for better coordinated GRC solutions, which is driving further investment. A new forecast from International Data Corporation (IDC) shows global GRC revenues growing from $11.3 billion in 2020 to nearly $15.2 billion in 2025.

While the GRC market has experienced a drastic transformation over the past several years, the COVID-19 pandemic elevated the focus on risk areas and threats to business continuity. In addition, the regulatory environment has both expanded and become more stringent, particularly around privacy, placing greater pressure on enterprises and their compliance capabilities. And corporate boards are facing new directives on environmental and social responsibility from investors and consumers that is forcing them to redefine how enterprises approach governance.

Given the demand for solutions, IDC expects all categories of GRC to increase in revenue over the forecast period. The fastest growth will be in the business continuity and ESG/CSR categories, followed by compliance and risk management. Evolving categories, such as privacy, third-party risk management (TPRM), and environmental, health, and safety (EHS) are also expected to experience solid growth.

"The GRC market is positioned for significant growth as companies seek ways to automate and manage the complexities of expanding governance, risk, and compliance mandates. Understanding how businesses are consuming these solutions and their preferences for packaging and deploying services will help solution providers tailor offerings to meet market demand," said Amy Cravens, research manager, Governance, Risk, and Compliance at IDC.

To better understand the current state of the enterprise GRC market, IDC recently surveyed more than 200 GRC users in the United States. The survey found that nearly two thirds of organizations currently use multiple GRC solutions with some companies deploying five or more. And enterprises with a higher number of GRC solutions tend to have a lower rate of integration across these solutions. This indicates that enterprises with the highest spending on GRC may not be implementing GRC in an efficient manner and leveraging that investment across the organization.

Other key findings from the survey include the following:

  • IT & Security Risk Management is currently the most widely implemented GRC solution, followed by Data Privacy Tools and Management and Corporate Social Responsibility Management.
  • Most companies plan to increase their GRC spending over the next three years with IT & Security Risk Management the top area for planned investment.
  • Most companies are striving to integrate their GRC solutions more fully but remain divided on the question of custom versus out-of-the-box solutions. Siloed solutions are generally unpopular.
  • While nearly one third of respondents require GRC solutions to be deployed on premise, one half expect use of cloud-based solutions to increase over the next three years.

The IDC report, Worldwide Governance, Risk, and Compliance Software Forecast, 2021–2025 (IDC #US46971521), discusses the drivers and dynamics that had an impact on the global governance, risk, and compliance software market in 2020 and provides insight into future trends that may influence market demand over the 2021–2025 period.

The report, GRC Implementation Strategies: Solution Suites and Deployment Options to Meet Business Needs (IDC #US US48130721), presents findings from IDC's GRC Buying & Use Survey of more than 200 current enterprise GRC users. The July 2021 survey explores GRC implementation strategies in a detailed analysis including types of solutions deployed, integration of solutions, preferred solution packaging, and deployment methods.

About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology, IT benchmarking and sourcing, and industry opportunities and trends in over 110 countries. IDC's analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly owned subsidiary of International Data Group (IDG), the world's leading tech media, data, and marketing services company. To learn more about IDC, please visit www.idc.com. Follow IDC on Twitter at @IDC and LinkedIn. Subscribe to the IDC Blog for industry news and insights.


For more information, contact:

Michael Shirer

Amy Cravens