Navigating the Future of GRC: Top Insights for 2025
As we approach 2025, the governance, risk, and compliance (GRC) landscape is rapidly evolving.
Our recent webinar, Navigating the Future of GRC: Top Insights for 2025, featuring industry experts Matt Hillary (CISO, Drata), Jonathon Harbin (Principal Practice Manager, AWS), and Danny Manimbo (Principal AI Assessment, Schellman), explored the trends, challenges, and opportunities shaping the future of GRC, offering actionable insights for professionals navigating this dynamic space.
We’re going over some key takeaways from their conversation.
Key Trends Shaping GRC in 2025
The panel opened with a retrospective look at 2024 and a forward glance into 2025. Everyone agreed there are a few themes gaining traction within the GRC space.
The Rise of AI and Automation
Danny highlighted the accelerating adoption of AI governance frameworks like NIST AI RMF and ISO 42001, which emphasize risk management, accountability, and bias mitigation. Jon emphasized the challenges organizations face when integrating AI into regulated workloads, noting the need for clear data usage and opt-out policies.
Emerging Regulatory Frameworks
Upcoming regulations like the Cybersecurity Maturity Model Certification (CMMC) 2.0 and the EU’s Digital Operational Resilience Act (DORA) are expected to significantly impact GRC strategies. Jon and Danny discussed how these frameworks will demand more rigorous risk assessments, enhanced vendor management practices, and updates to penetration testing requirements.
Environmental, Social, and Governance (ESG) Initiatives
Jon shared AWS’s approach to sustainability, including tools for carbon footprint tracking and energy-efficient architectures. He noted how ESG is transitioning from “theater” to a core enterprise priority as organizations recognize the operational and financial benefits.
Building Resilience with Technology and Strategy
The speakers underscored the importance of future-proofing GRC programs by embracing a few core principles:
Agility and common controls: Jon and Danny advocated for creating GRC frameworks rooted in common risks and controls, enabling adaptability to new regulations with minimal disruption. Danny emphasized the importance of breaking down silos between security, privacy, and AI governance to maintain program scalability.
Leveraging AI for efficiency: Matt discussed the transformative potential of AI in streamlining GRC operations, from automated third-party risk management (TPRM) to enhanced control framework understanding. He projected a bullish outlook on AI’s role in revolutionizing compliance workflows.
Actionable Insights for GRC Professionals
In a rapid-fire conclusion, the panel offered practical advice for attendees:
Understand business goals: Danny emphasized aligning compliance strategies with organizational objectives, such as entering new markets or industries.
Prioritize education: Keeping teams up to date on emerging technologies and regulations is critical for staying ahead of the curve.
Reframe compliance as a growth enabler: Jon encouraged fostering an executive mindset that views compliance as a tool for market expansion rather than a cost center.
As Matt aptly summarized, “Compliance isn’t just about meeting today’s standards—it’s about building a foundation that prepares us for tomorrow.”
This webinar reinforced the importance of proactive, technology-driven strategies to navigate the ever-evolving GRC landscape. Watch the full recording here.