Cybersecurity’s Impact on Driving GRC Strategies
Key Takeaways
⇨ Define GRC’s role in cybersecurity.
⇨ Centralize your risk and compliance data.
⇨ Utilize your GRC skillsets to bolster your company’s security efforts.
Cybersecurity and Governance, Risk, and Compliance (GRC) are becoming increasingly linked both inside organizations and in vendor offerings such as SAP. From our recent GRC research, we found cybersecurity to have a major influence on the GRC strategies that SAPinsiders are deploying and the GRC-related skills they are seeking.
Increasing security threats and attacks requiring more monitoring and detection (48%) was the most cited driver for GRC strategy among our survey respondents in the report. Rapid changes within compliance and data privacy regulations (41%) were the next major driver, followed by new technology upgrades/migrations such as the move to SAP S/4HANA (39%) and the globalization of organizations opening up new compliance and audit requirements (38%).
Top GRC Strategy Drivers
Source: SAPinsider, May 2022
How Cybersecurity is Impacting GRC
GRC strategy at respondents’ organizations is increasingly driven by security threats and attacks. This area is typically handled by security departments, but GRC skills in addressing risk and access control are being tapped to assist with broadening security challenges. Cybersecurity and GRC have become so intertwined that increasing security threats supplanted new technology upgrades and migrations as the top driver from our 2021 research.
Regulatory challenges are behind the other two major GRC drivers: rapid changes to data privacy regulations and globalization opening up new regulatory requirements. This highlights the challenges that businesses and audit teams face to keep up with the latest rules and laws.
Beyond the top drivers, a rise in the impact of increasing volatility of customer demand and supply chains is noteworthy. This was picked as a top driver by 27% of respondents, a big jump from just 9% a year ago. In our research with CIOs, we found that supply chain disruption was top of mind when setting their agendas. This disruption brings about risk for an organization, and that risk is moving up the list of priorities at many organizations.
As businesses go global, supply chain disruption and regulatory requirements become bigger issues. Globalization also brings more touchpoints and more potential for attacks, which increases the chance of security threats.
What This Means for SAPinsiders
Define GRC’s role in cybersecurity. GRC and cybersecurity are crossing over at some organizations, and vendors are combining the two under one umbrella. What role can GRC skillsets play in cybersecurity at your organization? It could be about risk analysis, access control or identity management. With stretched GRC professionals, it’s important to figure out what resources can be dedicated to cybersecurity.
Centralize your risk and compliance data. The best GRC teams are focused on centralizing and validating data. Risk prioritization is helpful to companies trying to optimize their risk avoidance. Without a holistic view of risk and compliance information, prioritizing risks across a business is difficult and consumes more time and resources.
Utilize your GRC skillsets to bolster your company’s security efforts. Focus on cybersecurity is a primary characteristic of companies with GRC process satisfaction above the median. Determine what skillsets, such as risk analysis, can assist with cybersecurity. This makes your GRC staffers more valuable to the business. GRC groups that are more focused on cybersecurity are also more likely to see growing GRC budgets and staffs.