Trust management platform Drata has released its latest report, “The State of GRC 2025: From Cost Center to Strategic Business Driver.” The report explores how Governance, Risk, and Compliance (GRC) professionals are navigating increasing data protection regulations, the rise of AI, and the challenges of maintaining customer trust. It highlights key trends, challenges, and future outlooks shaping GRC practices in modern businesses.
“Governance, risk, and compliance has long been a pain point for organizations, and despite the improvements we’ve seen in recent years, it’s clear many of those challenges still exist today, making it difficult for businesses to properly maintain their GRC program and effectively maintain trust,” said Matt Hillary, Drata VP of Security and CISO.
GRC Gains Strategic Importance Amid AI Growth & Regulatory Pressure
As AI adoption surges and global regulations tighten, companies face heightened scrutiny in protecting sensitive data and ensuring ethical business practices. According to the report, 96% of GRC professionals attribute increased attention to GRC to high-profile data breaches and compliance fines.
This is why companies need a well-structured GRC framework: it aligns their strategic goals with legal, ethical, and security requirements and reduces financial and reputational risk, particularly where regulatory compliance is concerned. As privacy and AI regulation such as GDPR, CCPA, and the EU AI Act expands, companies must be able to demonstrate accountability and transparency in how they handle sensitive information. Failure to comply can lead to hefty fines, legal consequences, and loss of customer trust.
GRC also plays a critical role in risk management by identifying, assessing, and mitigating operational, cybersecurity, and financial risks. Organizations with a robust GRC strategy can proactively address security threats, prevent fraud, and ensure business continuity.
Additionally, GRC enhances decision-making by integrating governance policies with corporate performance. A well-implemented GRC strategy fosters a culture of accountability and ethical business practices, leading to stronger stakeholder confidence and long-term success.
Ultimately, businesses that prioritize GRC gain a competitive advantage by reducing risks, improving compliance, and strengthening trust with customers, investors, and regulators.
With businesses under growing regulatory pressure, 45% of respondents express concerns about balancing compliance with innovation, ensuring data privacy and protection, and maintaining operational resilience. As customer expectations around transparency and security increase, GRC is evolving from a regulatory requirement to a strategic enabler of long-term business success.
A staggering 98% of professionals believe GRC accomplishments should be actively communicated to customers and stakeholders to build trust and reinforce business credibility.
The Cost of Poor GRC Practices
Unfortunately, many companies still have issues implementing and adhering to successful GRC strategies. Companies that fail to maintain strong compliance postures and GRC processes experience serious consequences:
- 51% report brand safety and reputation damage due to compliance failures.
- 49% have suffered security or data breaches due to inadequate GRC strategies.
- 48% of GRC professionals struggle to keep pace with evolving compliance frameworks and to identify high-risk areas.
These findings underscore the financial and reputational risks businesses face when they fail to prioritize GRC.
AI’s Role in GRC: Opportunities & Challenges
The report highlights AI’s rapid adoption in the workplace, with 100% of surveyed companies expecting an increase in AI usage among employees within the next year. Views on what that means for GRC are mixed:
- 46% of professionals believe AI will enhance regulatory compliance by improving automation and risk analysis.
- 43% are concerned about AI bias, which could distort GRC decision-making.
- 39% fear AI “hallucinations”, instances where an AI system produces inaccurate or misleading compliance guidance.
These findings indicate that while AI offers automation and efficiency benefits, businesses must strengthen AI governance to mitigate potential risks.
“In addition to adding more compliance frameworks to their program, security and GRC teams should anticipate significant changes to the GRC function as a result of AI. GRC teams who aren’t prepared for these changes will experience major roadblocks with scaling their compliance programs and up-leveling their organizations to meet these demands,” said Hillary.
What This Means for ERP insiders
GRC is a business differentiator, and companies should treat it accordingly. Drata’s report emphasizes that GRC is no longer just a regulatory requirement; it is a business imperative. As AI integration grows and regulations become more complex, companies that prioritize strong GRC strategies will protect their reputations, maintain compliance, and build long-term trust with customers. Yet only 10% of organizations report having a fully prepared GRC program for managing AI-related risks.
Automation holds the future of GRC. Although more than 90% of companies acknowledge that AI and automation can benefit their GRC practices, actual usage remains low: fewer than 40% use automation for functions such as integrated identity and access management, role provisioning and management, or fraud detection. GRC professionals still spend an average of 14 hours per week on manual interventions. This reliance on time-consuming processes points to a pressing need for automation and AI-driven GRC tooling to improve efficiency and accuracy.
Avoiding compromise or breaches should be a higher priority. With roughly half of companies struggling to adhere to basic GRC principles, organizations need an attitude that prioritizes risk mitigation and compliance at every level. Businesses must invest in automated GRC tools, AI governance frameworks, and proactive compliance strategies to stay ahead in an evolving landscape, but all of this can fall flat without buy-in from every team within the organization.