Dive into five GRC trends and resolutions aimed at fortifying companies against both external and internal threats.

5 GRC Trends and Resolutions for a More Secure 2024

Emily Bogin

Elevate your resilience in the new year by understanding top GRC trends, patterns, and best practices across AI, TPRM, cyber risk, and more.

As we step into 2024, technological advancements and an increasingly connected — and, therefore, increasingly risky — global environment continue to shift beneath our feet. It is no surprise that Governance, Risk, and Compliance teams are taking note. Let’s delve into five resolutions aimed at fortifying companies against both external and internal threats.

From embracing the rising use of AI in GRC to tackling cybersecurity threats, managing vendor risks, addressing people risks, and advocating for integrated technologies, these resolutions are designed to empower risk and compliance professionals in safeguarding their organizations.

Be Ready to Address the Rise of AI in Governance, Risk, and Compliance

In a world where 35% of companies already use AI in their business operations and another 42% are exploring its potential, organizations can expect AI to play a larger role in the GRC landscape in 2024. The AI playing field encompasses various applications in GRC, from building proactive risk management programs to automating manual processes like evidence and data collection.

Meanwhile, as businesses leverage AI to elevate their GRC strategies, governments are taking note of how AI is used in the workplace. The Biden administration’s Executive Order 14110 on Safe, Secure, and Trustworthy AI, signed on October 30, 2023, introduces new guidelines and standards for AI governance. It sets the stage for additional governance initiatives to follow suit, underlining the increasing importance of responsible AI use in both business and regulatory landscapes. The EU’s Artificial Intelligence Act, on which EU lawmakers reached political agreement in December 2023, similarly raises the bar for businesses and technologies leveraging AI: it imposes risk-tiered obligations on providers and deployers of AI systems and sets fines for infractions. As organizations actively embrace AI, the competing priorities of business innovation and governmental oversight forge a path toward a more sophisticated and ethically grounded GRC landscape that strategic companies should resolve to embrace in 2024.

Secure Your Growing Perimeter of Third-Party and Nth-Party Vendor Risk

As the business landscape expands globally, comprehensive risk management has to reach beyond your own tech stack and headquarters to the third parties and nth parties you depend on. Remote work and intricate global supply chains mean that a growing ecosystem of vendors now supports core business processes, and that ecosystem demands better visibility into, and control over, third-party and nth-party risk. To stay compliant in today’s environment, companies must resolve to monitor their vendors’ degree of compliance as well as their own.

For instance, consider a software development company that is outsourcing a critical component of its product to a third-party vendor. While the risks associated with the direct third-party relationship are apparent, nth-party risk comes into play when that vendor, in turn, relies on subcontractors or suppliers for specific services. If your company lacks a vendor compliance policy to monitor or effectively respond to third-party and nth-party risk, you’re leaving yourself vulnerable to unforeseen costs and risks associated with non-compliance.

Companies should make a resolution to address nth-party risk, a term gaining prominence in modern risk management that refers to the risks introduced by the subcontractors and suppliers within your vendors’ own networks and supply chains. Put simply, it means understanding the risks that extend beyond your direct third-party relationships. The resolution involves identifying, qualifying, and quantifying those risks throughout the vendor risk management program, and establishing a framework for continuous monitoring rather than a one-time onboarding assessment.

Increase Your Vigilance Against Cybersecurity Threats

The September 2023 cyber attack on MGM Resorts serves as a stark reminder of the real and immediate consequences of cyber attacks. The truth is, attacks not only cause downtime but also affect investor and customer interactions. In the aftermath of the MGM breach, the consequences were profound: MGM’s website was replaced by a temporary landing page advising visitors to contact their hotels or casinos directly by phone, its booking systems were down, and its share price took a plunge. In an October 2023 SEC filing, MGM put the cost of the incident at roughly $100 million.

With NCC Group reporting a 91% month-over-month increase in ransomware attacks in March 2023, organizations handling sensitive data are at heightened risk. Companies must resolve to manage their risk strategies proactively, shifting the mindset from treating threats as surprises to expecting events that affect every business. Implementing continuous monitoring, with automated detection where it genuinely reduces analyst workload, enables organizations to identify, mitigate, and report on risks effectively.

Adding to the urgency, the Securities and Exchange Commission (SEC) cybersecurity disclosure rules adopted in July 2023 take full effect in 2024 and redefine how public companies must manage and report cybersecurity risk. Registrants must disclose a cybersecurity incident on Form 8-K within four business days of determining that it is material, and must describe their cybersecurity risk management, strategy, and governance in their annual Form 10-K. The rules do not create a new definition of “materiality”; they apply the existing securities-law standard to cyber incidents, which means companies now need a documented, defensible process for making that determination without unreasonable delay. Non-compliance is enforceable like any other disclosure failure.

De-risk Your Employees and Safeguard Against People Risk

Your employees are the frontline defenders of your company’s sensitive information, and that same position makes the human factor a significant contributor to organizational vulnerabilities.

One prevalent challenge for many organizations is susceptibility to phishing attacks. Without adequate awareness and training, employees may unwittingly fall victim to phishing attempts, jeopardizing the security of sensitive data. Additionally, weak or reused passwords create vulnerabilities, leaving the door open for unauthorized access.

During this past year’s Cybersecurity Awareness Month, the Cybersecurity and Infrastructure Security Agency (CISA) advised people to use strong passwords, enable multi-factor authentication (MFA), learn to recognize and report phishing attempts, and keep software updated. Your organization can start supporting employees in that effort today by implementing comprehensive training or sharing educational resources, building a more robust internal line of defense against potential threats.

Siloed Technologies (A GRC Trend We Personally Can’t Wait to Say Goodbye to!)

In 2024, it’s time to dismantle the organizational silos, cultivate collaboration, and enable your GRC technology experts to work in harmony towards a more streamlined and compliant organization.

Imagine your tech tools as separate experts for GRC functions, each responsible for a critical aspect of your company’s overall risk and compliance strategy. When those experts operate independently, without effective communication, they jeopardize the holistic view that a robust governance and risk management framework requires.

When compliance data lives in one system while the risk assessment team relies on another, the result is duplicated data, inconsistent records, and errors that make it hard to demonstrate compliance, along with a fragmented landscape prone to communication gaps.

To address this, resolve to integrate your products and teams into a single, connected tech stack. By breaking down barriers between data privacy, IT, third-party risk management, and cybersecurity risk management, you gain:

  • Process harmonization
  • Elevated reporting and analytics
  • Increased stakeholder confidence
  • Scalability
  • Cost savings & more

There’s more to learn regarding the benefits of an integrated governance, risk, and compliance platform. After thinking through the gains associated with integration, it just might be time to re-evaluate your GRC technology.