
Navigating the Future of GRC: Top Insights for 2025

Our recent webinar, Navigating the Future of GRC: Top Insights for 2025, explored the trends, challenges, and opportunities shaping the future of GRC, offering actionable insights for professionals navigating this dynamic space.

by Shera Brady

December 23, 2024
Contents

  • Key Trends Shaping GRC in 2025

  • Building Resilience with Technology and Strategy

  • Actionable Insights for GRC Professionals

As we approach 2025, the governance, risk, and compliance (GRC) landscape is rapidly evolving. 

Our recent webinar, Navigating the Future of GRC: Top Insights for 2025, featuring industry experts Matt Hillary (CISO, Drata), Jonathon Harbin (Principal Practice Manager, AWS), and Danny Manimbo (Principal AI Assessment, Schellman), explored the trends, challenges, and opportunities shaping the future of GRC, offering actionable insights for professionals navigating this dynamic space.

We’re going over some key takeaways from their conversation.

The panel opened with a retrospective look at 2024 and a forward glance into 2025. Everyone agreed there are a few themes gaining traction within the GRC space.

The Rise of AI and Automation

Danny highlighted the accelerating adoption of AI governance frameworks like NIST AI RMF and ISO 42001, which emphasize risk management, accountability, and bias mitigation. Jon emphasized the challenges organizations face when integrating AI into regulated workloads, noting the need for clear data usage and opt-out policies.

Emerging Regulatory Frameworks

Upcoming regulations like the Cybersecurity Maturity Model Certification (CMMC) 2.0 and the EU’s Digital Operational Resilience Act (DORA) are expected to significantly impact GRC strategies. Jon and Danny discussed how these frameworks will demand more rigorous risk assessments, enhanced vendor management practices, and updates to penetration testing requirements.

Environmental, Social, and Governance (ESG) Initiatives

Jon shared AWS’s approach to sustainability, including tools for carbon footprint tracking and energy-efficient architectures. He noted how ESG is transitioning from “theater” to a core enterprise priority as organizations recognize the operational and financial benefits.

Building Resilience with Technology and Strategy

The speakers underscored the importance of future-proofing GRC programs by embracing a few core principles:

  • Agility and common controls: Jon and Danny advocated for creating GRC frameworks rooted in common risks and controls, enabling adaptability to new regulations with minimal disruption. Danny emphasized the importance of breaking down silos between security, privacy, and AI governance to maintain program scalability.

  • Leveraging AI for efficiency: Matt discussed the transformative potential of AI in streamlining GRC operations, from automated third-party risk management (TPRM) to enhanced control framework understanding. He projected a bullish outlook on AI’s role in revolutionizing compliance workflows.

Actionable Insights for GRC Professionals

In a rapid-fire conclusion, the panel offered practical advice for attendees:

  • Understand business goals: Danny emphasized aligning compliance strategies with organizational objectives, such as entering new markets or industries.

  • Prioritize education: Keeping teams up to date on emerging technologies and regulations is critical for staying ahead of the curve.

  • Reframe compliance as a growth enabler: Jon encouraged fostering an executive mindset that views compliance as a tool for market expansion rather than a cost center.

As Matt aptly summarized, “Compliance isn’t just about meeting today’s standards—it’s about building a foundation that prepares us for tomorrow.”

This webinar reinforced the importance of proactive, technology-driven strategies to navigate the ever-evolving GRC landscape. Watch the full recording here.
