New CIO Study: GRC Challenges and Priorities for 2021

An incredibly powerful economic force, mid-market organizations employ more than one quarter of the U.S. workforce. They were integral to driving the economy forward in the years following the Great Recession and will no doubt play a key role as we look for ways to grow the economy as we recover from the COVID-19 pandemic.

For the past year, CIOs of mid-market companies have been focused on enabling seamless, remote operations for their businesses. As part of this digital transformation, their infosec teams have often scrambled to establish new security infrastructures, access points and processes for entire workforces. And they’ve had to do in days what previously would have taken months (or even years) to successfully complete.

With this heightened awareness of and focus on information security, we wondered what CIOs are struggling with in today’s “new normal” business environment. So we surveyed 50 mid-market CIOs representing IT leadership across multiple industries nationwide to understand the challenges they are experiencing, what they need to succeed and how they can better achieve their GRC goals. Here are three key takeaways:

1. The majority of CIOs are struggling with limited resources and budget.
   Regardless of the industry, they are all being asked – and expected – to do more with less, whether it’s in terms of creating secure network infrastructures, staying on top of ever-evolving regulatory changes or managing an increasingly diverse set of business risks. They can’t allow anything to fall through the cracks, which means they need to carefully manage their GRC resources and processes to ensure they are getting the most out of their investments and building more efficient GRC programs.
2. The top priority for CIOs in 2021 is to increase their GRC budgets.
   This is no surprise, considering the previous takeaway. While clearly feeling constrained by their current budgets, our CIO respondents were clear that the only way they can continue to deliver new initiatives and transformational improvements that will drive their business forward – with no interruption to current business operations – will be to invest in technologies that will improve and automate their GRC programs.
3. CIOs rank automating the GRC lifecycle the most beneficial feature of a GRC solution.
   The time- and cost-savings of automating and streamlining compliance processes and audit cycles speak for themselves. However, for a GRC program to be truly effective, it needs to empower infosec teams to quickly and accurately understand the data they control, where it exists and how to properly secure, access and manage it. A GRC solution that automatically updates frameworks and enables teams to monitor both internal and external risks across the entire organization can take GRC programs to the next level.

We’re still learning from 2020. But thanks to the rapid responses of CIOs, businesses are better-equipped to face disruptive new challenges in the years ahead. By quickly evolving their infosec strategies and harnessing new GRC technologies, mid-market CIOs have the ability to power greater business efficiencies while driving business growth.

To learn more about what CIOs are focused on in 2021 and how they plan to lead their organizations into their new normal, read our original research study Today’s CIO Imperative: Driving Greater GRC Efficiencies: How mid-market CIOs are leading GRC initiatives in the year ahead.