Jay Cameron
"We’re not just checking boxes": CISOs share how GRC technology is reshaping cyber risk management
Organizations today face an increasingly complex cyber risk landscape, where threats are evolving rapidly, and regulatory requirements are becoming more stringent. Traditional approaches to risk management, often fragmented across departments, can no longer keep pace with these demands.
To build resilience and maintain compliance, organizations are turning to integrated Governance, Risk, and Compliance (GRC) technology to streamline processes, centralize risk data and provide actionable, board-ready insights.
At the recent Cyber Risk Virtual Summit — a global event that brought together more than 4,500 practitioners, executives and board directors — an expert panel of CISOs and risk management professionals shared their experiences in leveraging GRC tools to enhance visibility, automate compliance and improve decision-making at all levels.
Breaking down silos for greater risk visibility
James Wade, Chief Information Security Officer at property services provider MCS, described how his organization faced significant challenges due to siloed risk management practices. “We were a very siloed company,” Wade explained. “We had different business units in the property preservation space, the commercial space, and now in the government space, each doing their own thing. They weren’t reporting back on the software they were using or the risks they were encountering.”
By implementing a centralized GRC software solution — the Diligent One Platform — MCS was able to unify its risk data. “We really had to pull the reins back and put an actual GRC program in place,” Wade noted. “It helped us bridge the silos, ensure everyone was aligned, and provide executives with a holistic view of our risk posture.”
Navigating regulatory complexity with automation
For multinational organizations, regulatory compliance is a constant challenge. Deana Robinson, Governance, Risk, and Compliance Manager at Sonoco Products, highlighted how her company leverages GRC tools to stay ahead of regulatory changes. “We frequently receive regulatory updates from different regions,” Robinson explained. “Sometimes, a local jurisdiction sends a new compliance requirement to one of our plants, and it’s the first time we’re hearing about it. Managing these across a global company is a challenge.”
By leveraging GRC automation, Sonoco Products now receives regulatory alerts in real time, categorizes them efficiently, and initiates compliance workflows immediately. “Instead of scrambling to address compliance letters from local jurisdictions, we now have a structured system in place that alerts us proactively,” Robinson said. “It’s reduced our response time and improved our ability to demonstrate compliance to auditors.”
Driving board engagement through actionable insights
A key challenge in cybersecurity is translating technical risks into business priorities. Parrish Gunnels, CISO of Sunflower Bank, emphasized the role of GRC dashboards in bridging this gap. “There are many assessments being done across various areas, and pulling that information together to identify common threads is difficult,” Gunnels noted. “GRC tools allow us to categorize risks into clear buckets so we can prioritize them effectively.”
Similarly, Viktor Culjak, Director of Consulting at Diligent, highlighted the importance of traceability in board reporting. “Executives and board members don’t want to wade through technical jargon — they need a clear narrative that connects cyber risks to business impact,” Culjak explained.
“One of the worst-case scenarios is when you present risk data, and a board member asks how you came up with it — and you can’t explain the delta. GRC platforms like the Diligent One Platform provide that traceability and confidence in the data.”
Moving from reactive to proactive risk management
GRC technology is not just about compliance; it enables organizations to anticipate and address risks before they escalate. Wade described how his organization integrates external threat intelligence into its GRC system for continuous monitoring. “We’ve been able to automate risk assessment questionnaires and integrate them into a dashboard,” he said. “It’s eye-opening how conversations started happening across different teams once they could see how their risks impacted other parts of the organization.”
Gunnels echoed the sentiment, highlighting how automation is shifting the focus from manual data collection to strategic risk mitigation. “We’re not spending our time chasing down compliance checkboxes — we’re actively analyzing trends and making decisions that reduce risk at scale,” he said. “It allows us to focus on what really matters.”
The future: AI and data-driven decision making
Looking ahead, artificial intelligence (AI) is expected to reshape cyber risk management. Robinson cautioned, however, that AI’s effectiveness depends on strong data governance. “AI can only be as effective as the data it processes,” she said. “Organizations need to ensure their data is clean, secure, and well-managed before relying on AI-driven insights.”
As risks evolve, so must risk management strategies. The consensus among industry leaders is clear: Organizations that invest in AI-powered GRC platforms today — both to streamline cyber risk management and to defend against an increasingly AI-driven threat landscape — will be far better equipped to navigate future challenges, strengthen security and improve decision-making.
Diligent’s IT Risk Management and Cyber Risk Report solutions – integrated with the Diligent One Platform – give leaders real-time visibility, streamlined compliance and clear board-ready insights.