Analysis and research firm Gartner, Inc. has released the first iteration of its yearly Magic Quadrant (MQ) for Integrated Risk Management.
Every year, Gartner evaluates the strengths and weaknesses of the Integrated Risk Management solution providers that it considers most significant in the current market and provides readers with a graph, the titular Magic Quadrant, which plots those vendors based on their ability to execute their platforms and their completeness of vision.
The 16 vendors in this year’s report are, in alphabetical order: ACL, CURA Software, Dell Technologies (RSA), IBM, Ideagen, Lockpath, LogicManager, MetricStream, Mitratech, Nasdaq, Resolver, Riskonnect, Rsam, SAI Global, ServiceNow, and Thomson Reuters.
Like other Magic Quadrants, the Integrated Risk Management graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. Gartner stresses that it does not endorse any vendor, product, or service depicted in its research publications, regardless of their quadrant position.
The 2018 Gartner Magic Quadrant for Integrated Risk Management is the very first iteration of the report. This report evolved out of research on Governance, Risk, and Compliance technology solutions, which Gartner has shifted away from, according to a blog post on the subject last year and the MQ itself.
The Integrated Risk Management MQ Report found that the IRM market is maturing and is becoming a more practical solution to governance controls. Gartner predicts the market will grow, reaching $7.3 billion by 2020. It is the largest market under the security and risk management (SRM) software ecosystem umbrella. Researchers cite a Ropes & Gray survey that found that 87% of enterprises believe “collaboration between their risk managers would improve the overall risk profile.”
At Solutions Review, we read through the full report and pulled a few of the important takeaways. Here they are:
How Gartner Defines Integrated Risk Management
According to Gartner, IRM solutions are “the combined technology, processes and data that fulfill the objective of enabling the simplification, automation and integration of strategic, operational and IT risk management across an organization.” In other words, an IRM solution should provide enterprises with the tools to assess risk and control effectiveness, identify risk events, and manage remediation efforts. This risk assessment must extend past the enterprise itself to third-party vendors and outsourced partners.
The Magic Quadrant report also proffers the Critical Capabilities each Integrated Risk Management solution must have:
- Risk and Control Documentation
- Incident Management
- Risk Mitigation Action Planning
- KRI Monitoring
- Risk Quantification
To be included in the Gartner MQ report for IRM Solutions, vendors must be able to “significantly address” at least 65% of those critical capabilities, have more than 200 customers for their IRM solutions, and provide IRM to multiple global regions.
Leaders, Visionaries, and Challengers
Since this is the first iteration of the Integrated Risk Management Magic Quadrant, there is no way to evaluate the market movements of the previous year until the next report. However, we can observe that the Leaders, Visionaries, and Challengers have a fairly even distribution of vendors.
ServiceNow, MetricStream, Dell Technologies (RSA), and IBM all made the Leaders Quadrant. ServiceNow received praise for its IT risk capabilities and incident management in particular. MetricStream was lauded for being appealing to new IRM buyers and for projects to modernize the technology. IBM was singled out for its geographic support, and RSA for its wide client base across multiple industry sectors.
Riskonnect, Rsam, Mitratech, and SAI Global were all named Visionaries, while ACL, Lockpath, LogicManager, Thomson Reuters, Nasdaq, and Ideagen were all placed in the Challengers quadrant.
Where is Integrated Risk Management Going?
Gartner believes that IRM will be one of the most dynamic software markets to watch over the next several years. This corresponds to its research findings confirming that enterprises feel they are unprepared for key IRM domains and will need more resources in the near future.
Gartner also points out that risk management reporting will be essential to maintaining good credit ratings and receiving public accreditation. It will be interesting to see how Gartner’s predictions of the market unfold and how integrated risk management integrates with other cybersecurity solutions and platforms.