Governance, Risk and Compliance has been an area of concern for usually the Enterprise level organizations.However, the current scenario is changing, SMBs are also affected. Typically, small businesses are distinguished as having fewer than 100 employees or less than $50 million in revenue, and midsize companies as being between 100-999 employees and between $50 million and $1 billion in revenue. Anything bigger than that is distinguished as a Big Enterprise. The SMB (Small & Medium Businesses) sector used to get by having very basic compliance controls and governance.
That changed with Covid-19. The workforce got scattered, the idea of working in a secure, sanitized environment was suddenly lost. All the internal controls & protocols that the companies had implemented was now not applicable to the decentralised assets and resources. The Enterprises coped better compared to the SMBs owing to better governance. Over two thirds of SMBs have experienced a data security incident in the past 12 months, incurring an average cost of nearly €220,000 ($227,014), said ESET, a global leader in cybersecurity.The latest ESET Threat Report data also shows a 20% year-to-date increase in 2022 in threat detections compared to last year. As many as 83% of the polled businesses believe that “cyber-warfare is a very real threat that can impact everyone,” suggesting that the ever-growing threats are significantly affecting SMB sentiment. Also, 74% of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than enterprises.
Years back, the implementation of GRC software in SMBs was a costly affair. It used to be difficult to convince the board members to invest in GRC software rather than the bread and butter of the business. Wherever, it was given the nod, it was still more of a manual process. Sometimes excel sheets were created to ensure basic cybersecurity requirements were being met. It used to be more a checklist to tick off rather than a continuous process of identifying, detecting & responding to the ever-evolving threats.
Today, the market has changed. The GRC software market size has grown in leaps and bounds. According to some of the more aggressive estimates, the compound annual growth rate (CAGR) was estimated to be 14% while the conservative ones have it around 10%. Either way, that is immense potential to grow. With the dollar value estimates at $8 Billion to somewhere around $12 Billion, there have been hordes of GRC software companies launching their products recently.
Most of these have understood the immense potential of the SMB market and have tweaked their products accordingly. Some of the more well-known products are:-
· AuditBoard
· ZenGRC
· Diligent HighBond
· StandardFusion
· Resolver
With user friendly interfaces for their products, the GRC software serve as a single source of truth. Whether it is a risk triggered from Compliance Audits, IT Risks or Third-Party risks, these solutions allow them to be viewed in a single risk register across the organization. The very informative dashboards provide a holistic view of the organization. Some even offer direct integrations with JIRA, ServiceNow or any other ITSM tool that the SMBs use. The ease of use, flexibility backed with assistance from the Subject Matter Experts of these providers, is helping SMBs drive adoption.
There is a lot more awareness in the SMBs about the GRC software and price that you have to pay for the lack of it. There is almost a GRC software provider to fit each company’s exact needs today!
Are you part of a SMB? Do you agree that SMBs need to step up and increase the adoption rate? Let us know your thoughts.