Governance, Risk, and Compliance (GRC) Solutions

GRC is the ecosystem of software and technology products that enable enhanced risk management, regulatory compliance and corporate governance. We believe the maturation and adoption of the GRC category broadly is still in the relatively early innings, and expect technology solutions to become an increasingly important element of organizational controls.

Company Introductions Customizable Heading

Duo Security

Thesis Overview

  1. Large addressable market with a durable adoption story driven by a number of prevailing macro trends
    • The global GRC market is estimated to be ~$12B today, and is predicted to reach ~$15B by 2025
    • GRC software growth is driven by increasing regulatory pressure, data volumes, cyber attacks, stronger stakeholder
      desire for visibility, and evolving supply chain complexity
  2. Regulation-driven adoption story provides stable runway for organic and inorganic growth
    • Intensity of regulations serves as a key trigger in driving usage of GRC software, as stringent regulations incentive
      firms to streamline oversight over GRC protocols
    • Financial services and healthcare have been biggest users historically, but usage is growing in other verticals
  3. Supply chain complexities and inadequate controls necessitate improved vendor risk management
    • Recent product shortages and long lead times have led many companies to expand their vendor footprint, introducing
      additional complexity and supply chain risk. As the number of vendors grows, particularly across multiple geographies,
      managing increasingly complex and diverse third-party vendor risk is core to business operations
  4. Segments of Interest: Third Party Risk Management, Workplace Health & Safety, Reporting & Audit
    • Third Party Risk: Provide system to proactively managing impending changes and risks to vendors and third-parties,
      reducing risk of negative repercussions
    • Workplace Health & Safety: Fragmented area of the market that remains underpenetrated and is high value-add given
      increasing compliance burdens and higher frequency of brand damaging events
    • Reporting & Audit: Streamlines auditing process (compliance, financial, and operational audits), resulting in a retentive
      product given mission-criticality

GRC Software Market Sizing

The overall GRC market provides an opportunity to invest in a stable, growing market with opportunity to take market share from legacy, services-oriented incumbents that are inadequately handling the growing complexities facing large, regulated companies

Drivers of the Need for GRC Software

Improved Efficiency for Heavily Regulated Industries

More regulated industries, such as utilities, healthcare, and financial services typically place greater emphasis on strong risk management infrastructure, driving the need for sophisticated GRC software with enhanced compliance and reporting

Risk History

Organizations or industries that have a pattern of risk-issues and may have faced significant impact to the business as a result of prior approaches, typically invest in more sophisticated GRC software with strong alerts and defensive features

Large Organizations

Typically, larger organizations have complex risk management approaches, given the significant number of constituents, stakeholders and corresponding sources of risk, which drives the need for an integrated GRC system