Ponemon released a new study on the role of Governance, Risk Management, and Compliance (GRC) in organizations, and it contains some interesting findings:
- 63% indicated that their GRC effort began in IT (not Legal or Finance)
- 44% of on-going GRC activity is in IT
- 76% characterize privacy as ‘very important’ in IT as opposed to 37% for Finance
- Top barrier to meeting GRC goals: lack of resources
- Primary focus area of GRC: risk management (not compliance or governance)
- Regulation most difficult to comply with: PCI DSS (arguably one of the most prescriptive of the regulations, since its requirements are spelled out in far more specific terms than most)
These data points validate what we’ve been saying to our customers in a number of ways. We focus on managing risk more than on responding to regulation, and we’ve built a solution designed to address the ‘lack of resources’ issue. It’s also interesting how IT-centric the overall GRC programs are, judging by the responses. Give it a read for yourself and let us know what you think.