- Major Studies
- Market Assessments
Leaders: Accenture, HCL, IBM, TCS, and Wipro
Innovators: Atos, Cognizant, DXC, Infosys, and Telefonica
Disruptors: AT&T Cybersecurity, Capgemini, LTI, Mphasis, and Tech Mahindra
Challengers: CGI, Fujitsu, Lumen Technologies, Trustwave, and Verizon
Figure 1 from the full report illustrates these categories:
Mark Gaffney, a Director with Avasant, congratulated the winners noting, "As enterprises accelerate cloud adoption, business leaders need to apply security control and compliance measures based on industry standards. Moreover, it calls for a cloud services evaluation process based on all aspects of a company's GRC requirements and policies."
Some of the findings from the full report include the following:
All businesses need a robust GRC program.
In a stringent and ever-evolving regulatory environment, enterprises are increasingly looking towards tools and platforms-based solutions to solve their GRC requirements. Increased migration to cloud and a lack of consistency and transparency among disparate business units are some other drivers.
The GRC landscape gets further complicated in global organizations, which operate across multiple borders with additive policies and controls.
Regulations such as GDPR, CCPA, and HIPAA affect all industries.
Highly regulated industries such as banking, healthcare and life sciences, and manufacturing must adhere to regulations and operate within the policy frameworks.
The key factors driving demand for GRC solutions are an increased need to protect consumer data, securing end-to-end processes across enterprises, reducing the cyberattack threat impact, and minimizing the financial impact of regulatory noncompliance.
C-level sponsorship is required to engrain GRC into a company’s culture.
Typically, GRC services implementations are championed by the compliance operations team.
It is important to secure the supply chain and the cloud environment of global organizations. This would require a thorough third-party risk management evaluation.
Service providers are driving focus on automation and new business models.
Service providers continue to invest in automation capabilities to solve business challenges. Solutions include carrying out quality assurance reviews in a shorter timeframe and streamlining and automating IT recovery processes.
Many service providers offer Chief Information Security Officer (CISO) support for end-to-end security requirements, from devising a strategy to managing operations and implementation services.