Hyperproof’s 6th Annual IT Risk and Compliance Benchmark Report Reveals an Increased Focus on GRC Maturity

Hyperproof, a trusted platform for operationalizing compliance and risk management, has released its 6th annual IT Risk and Compliance Benchmark Report today. Based on insights from 1,000 IT and GRC professionals, the in-depth report contains insights on trends shaping the GRC space in 2025.

Also Read: AiThority Interview with Anand Pashupathy, Vice President & General Manager, Security Software & Services Division, Intel

The standout finding in this year’s survey results revealed that teams are looking to mature their GRC practices. The report’s findings underscore that respondents no longer see GRC as a checkbox exercise, and instead, it has transformed into a driver of operational excellence and strategic growth. 91% of respondents have a centralized team to manage GRC, the highest number seen in the six years of this survey’s deployment. Additionally, 72% of surveyed organizations plan to grow their compliance teams in 2025 and 63% of all respondents said their GRC budgets will increase in the next 12-24 months. These are all significant steps the market is taking to mature GRC — a significant step forward from the previous year’s findings.

Additional insights from the report include:

• 60% of respondents managing IT risk ad-hoc or in siloed processes experienced a data breach in 2024 vs. only 41% of those using integrated, automated GRC tools
• 59% of respondents test all controls as opposed to only the most critical controls, up 26% year-over-year
• 55% of respondents use a common controls framework (CCF) to streamline their GRC processes, supporting the trend that using a CCF has become a standard best practice

“In 2024, organizations faced increased regulatory demands and risks, prompting a shift in governance, risk, and compliance practices,” says Kayne McGladrey, Field CISO at Hyperproof. “Organizations no longer view GRC as a cost center, but instead as a competitive advantage. With a growing focus on proactive compliance, many organizations are not only building centralized risk management teams but also increasing their investment in compliance resources and budgets.”

Also Read: AiThority Interview with Tendü Yogurtçu, CTO at Precisely

Noticing the increased focus on GRC maturity, McGladrey realized there was no tool available to help organizations assess their GRC maturity. He developed an extensive, peer reviewed GRC Maturity Model that equips organizations with the tools to make a business case for change.

McGladrey concludes, “These trends indicate a growing maturity in how organizations manage risk and compliance, focusing on integration, strategic alignment, and continuous improvement to enhance resilience and operational efficiency.”

In addition to survey data, the report includes exclusive industry insights from Hyperproof, which can be turned into actions for organizations looking to improve their GRC maturity.

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]