The Forrester Tech Tide™: Risk And Compliance Management, Q2 2018

We recently published our Tech Tide™ report outlining 14 key risk and compliance technologies to track in 2018.

One of the challenging parts of this research is setting the right scope. We found risk and compliance technology everywhere, covering every industry, region, and niche use case.

Risk pros face a similar obstacle: Relevant technology is spread across the organization among disparate systems unconnected to the next; meanwhile, new technology rolls out, piling on top of the rest.

The 14 Technology Segments

Our Tech Tide seeks to counter this technology overload. We sift through the market noise to help you optimize your technology investments. We project market maturity and business value and advise you to either invest, maintain, experiment, or divest each of the technologies below:

  1. Audit management
  2. Compliance training
  3. Cyber risk quantification
  4. Digital risk protection (DRP)
  5. Enhanced due diligence
  6. Environmental health and safety (EHS) management
  7. Governance, risk, and compliance (GRC) platforms
  8. Physical risk intelligence
  9. Regulatory intelligence and change management
  10. Risk analytic tools
  11. Security training and simulation
  12. Third-party cyber risk scoring
  13. Third-party risk management
  14. Travel and expense (T&E) compliance management

Key Trends

As we mapped the 2018 risk and compliance technology ecosystem, we found that:

  • Risk analytics is a core driver of current and future business value. Current customers believe that risk analytics, risk intelligence, and cyber risk quantification are the innovation areas most likely to add business value. They see these enhancements generating higher levels of operational efficiency and, most importantly, leading to better executive and strategic risk decision making.
  • Risk and compliance tech serves a wide swath of roles and functions. A variety of security, risk, and compliance organizations actively use and benefit from these solutions. More surprisingly, other business stakeholders in marketing, privacy, corporate development, and executive management are more involved and more frequent users.
  • Risk leaders must continue to push the envelope with emerging tech. Augmented reality, robotics, AI, intelligent agents — they’re not as far off as you might think. They bring new risks but also new rewards for risk pros (e.g., better data collection, control enforcement, or automated tasks or decisioning). Remain wary of overblown hype, but find ways to take on an innovator’s mindset.


Check out the full “The Forrester Tech Tide™: Risk And Compliance Management, Q2 2018” report for our complete analysis — including our adoption guidance and detailed technology charts.

Follow me on Twitter (@nickhayes10) and keep the conversation going!