Key Findings: The Gartner 2018 Magic Quadrant for Integrated Risk Management


Analysis and research firm Gartner, Inc. has released the first iteration of its yearly Magic Quadrant (MQ) for Integrated Risk Management.

Every year, Gartner evaluates the strengths and weaknesses of the Integrated Risk Management solution providers that it considers most significant in the current market and provides readers with a graph, the titular Magic Quadrant, which plots those vendors based on their ability to execute their platforms and their completeness of vision.

The 16 vendors in this year’s report are, in alphabetical order: ACL, CURA Software, Dell Technologies (RSA), IBM, Ideagen, Lockpath, LogicManager, MetricStream, Mitratech, Nasdaq, Resolver, Riskonnect, Rsam, SAI Global, ServiceNow, and Thomson Reuters.

Like other Magic Quadrants, the Integrated Risk Management graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. Gartner stresses that it does not endorse any vendor, product, or service depicted in its research publications, regardless of their quadrant position.

The 2018 Gartner Magic Quadrant for Integrated Risk Management is the very first iteration of the report. This report evolved out of research on Governance, Risk, and Compliance technology solutions, which Gartner has shifted away from, according to a blog post on the subject last year and the MQ itself.

The Integrated Risk Management MQ Report found that the IRM market is maturing and is becoming a more practical solution to governance controls. Gartner predicts the market will grow, reaching $7.3 billion by 2020. It is the largest market under the security and risk management (SRM) software ecosystem umbrella. Researchers cite a Ropes & Gray survey that found that 87% of enterprises believe “collaboration between their risk managers would improve the overall risk profile.”

At Solutions Review, we read through the full report and pulled a few of the important takeaways. Here they are:

How Gartner Defines Integrated Risk Management

According to Gartner, IRM solutions are “the combined technology, processes and data that fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.” In other words, an IRM solution should provide enterprises with the tools to assess risk and control effectiveness, identify risk events, and manage remediation efforts. This risk assessment must extend past the enterprise itself to third-party vendors and outsourced partners.

The Magic Quadrant report also proffers the Critical Capabilities each Integrated Risk Management solution must have:   

  • Risk and Control Documentation
  • Incident Management
  • Risk Mitigation Action Planning
  • KRI Monitoring
  • Risk Quantification

To be included in the Gartner MQ report for IRM Solutions, vendors must be able to “significantly address” at least 65% of those critical capabilities, have more than 200 customers for their IRM solutions, and provide IRM to multiple global regions.

Leaders, Visionaries, and Challengers

Since this is the first iteration of the Integrated Risk Management Magic Quadrant, there is no way to evaluate the market movements of the previous year until the next report. However, we can observe that the Leaders, Visionaries, and Challengers have a fairly even distribution of vendors.   

ServiceNow, MetricStream, Dell Technologies (RSA), and IBM all made the Leaders Quadrant. ServiceNow received praise for its IT risk capabilities and incident management in particular. MetricStream was lauded for being appealing to new IRM buyers and for projects to modernize the technology. IBM was singled out for its geographic support, and RSA for its wide client base across multiple industry sectors.

Riskonnect, Rsam, Mitratech, and SAI Global were all named Visionaries, while ACL, Lockpath, LogicManager, Thomson Reuters, Nasdaq, and Ideagen were all placed in the Challengers quadrant.     

Where is Integrated Risk Management Going?

Gartner believes that IRM will be one of the most dynamic software markets to watch over the next several years. This corresponds to its research findings confirming that enterprises feel they are unprepared for key IRM domains and will need more resources in the near future.

Gartner also points out that risk management reporting will be essential to maintaining good credit ratings and receiving public accreditation. It will be interesting to see how Gartner’s predictions of the market unfold and how integrated risk management integrates with other cybersecurity solutions and platforms.


Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.