In their latest report, “The State of GRC 2025: From Cost Center to Strategic Business Driver,” Drata has shed light on the evolving dynamics within the GRC sector.
The findings reveal that a robust GRC framework is no longer just a regulatory requisite but a cornerstone for fostering long-term business success and customer trust.
The survey, involving numerous GRC professionals, indicates that 96% recognise the intensified focus on GRC due to high-profile data breaches and hefty compliance fines. Moreover, the rapid integration of artificial intelligence (AI) and tightening global regulations are compelling businesses to navigate a labyrinth of requirements aimed at safeguarding sensitive data and promoting ethical practices.
Key insights from the report underscore the significant repercussions businesses face due to inadequate compliance measures, with 51% of participants citing brand safety and reputation risks, and 49% experiencing security or data breaches. A worrying 48% of GRC professionals find it challenging to keep pace with updates to compliance frameworks and to identify critical areas that need attention.
Furthermore, the report unveils that while 46% of respondents believe AI can enhance regulatory compliance, concerns are growing over AI biases potentially distorting GRC decision-making (43%) and AI-generated errors in guidance (39%). Despite these challenges, there is an overwhelming consensus among professionals—98% agree—that achievements in GRC are crucial to communicate to customers and stakeholders, thereby reinforcing internal and external trust.
Drata’s VP of Security and CISO, Matt Hillary, emphasized the urgency for GRC teams to adapt: “Governance, risk, and compliance has long been a pain point for organizations, and despite the improvements we’ve seen in recent years, it’s clear many of those challenges still exist today, making it difficult for business to properly maintain their GRC program and effectively maintain trust. In addition to adding more compliance frameworks to their program, security and GRC teams should anticipate significant changes to the GRC function as a result of AI. GRC teams who aren’t prepared for these changes will experience major roadblocks with scaling their compliance programs and up-leveling their organizations to meet these demands.”
Copyright © 2025 RegTech Analyst