Governance, Risk and Compliance Services

IDC's Governance, Risk and Compliance Services program provides C-level executives and security service providers with insights into how to effectively measure and quantify cybersecurity risk and its impact on the business. A by-product of enhanced risk management is trust.

Through survey research and direct dialogue with the C-suite, this program will help security services firms identify opportunities to engage with organizations on cyber governance, risk, compliance, privacy, and trust, and to market and position their cyber-risk offerings more strategically within their organizations, with stronger alignment to business objectives.


Markets and Subjects Analyzed

The professional security services segment will cover:

  • Governance, risk, compliance, and privacy advisory and assessment services including alignment of security and business risk, stakeholder alignment, and risk modeling
  • Governance, risk, compliance, and privacy program strategy, design, and implementation services
  • Cybersecurity framework and technology requirements
  • Implementation and knowledge transfer
  • Training and staff augmentation

The managed security services segment will cover:

  • Management of the governance, risk, compliance, and privacy program on behalf of the client
  • Monitoring of risk and compliance posture for the client
  • Response as needed to remediate program gaps and deficiencies

The first-year forecast will cover top-line segments of professional cyber-risk management services and managed cyber-risk services.


Core Research

  • Cyber-Risk Survey Results
  • IDC PlanScape
  • IDC MarketScape
  • IDC TechScape
  • Market Forecast
  • Taxonomy

In addition to the insight provided in this service, IDC may conduct research on specific topics or emerging market segments via research offerings that require additional IDC funding and client investment.


Key Questions Answered

  1. What are the key cyber-risk objectives to demonstrate to the board? (Hypothetical answers include due diligence, ownership, effective management, leader and organizational talent, and cyberculture.)
  2. What are the appropriate cyber-risk escalation frameworks to determine risk appetite and reporting thresholds? How do organizations measure against these frameworks?
  3. How do cyber-risk programs and capabilities align to industry standards and peer organizations?
  4. What are the necessary third-party and supply chain cyber-risk management considerations?
  5. What is the security posture of an organization at any point in time?
  6. Do organizations have governance, risk, compliance, and privacy programs in place? How are these programs measured, and are they managed in-house or outsourced?
  7. How are cyberattacks affecting the cost of cyberinsurance and the types of cyberinsurance products?

Meet the Experts
Philip D. Harris, CISSP, CCSK

Research Director, Risk, Advisory, Management, and Privacy