July 2022 GRC Recap - What’s Trending in the Governance, Risk, and Compliance Universe?

GRC MetricStream
6 min read


Two things were on the top of our minds the past month: The sweltering heat and rising concerns about a macroeconomic downturn.

Almost all of the Northern Hemisphere experienced record-breaking heat waves this past month. This has not only created a sense of urgency to address climate change, but has also brought the spotlight on environmental, social, and governance (ESG) risk, reporting, and regulations.

US President Biden announced new executive steps to combat climate change but stopped short of issuing the much-called climate emergency declaration. Meanwhile, on the other side of the Atlantic, the UK is exploring a new task force to help investors measure the ‘S’ in ESG.

The interconnectedness and dynamic nature of risk continued to make headlines in July 2022. Gartner flagged the unusually high degree of interrelated risks as it identified concerns of a macroeconomic downturn as the top quarterly emerging risk in Q2 2022.

State-sponsored cyber attacks and key material shortages also made it into the top five. Chris Matlock, vice president with the Gartner Legal, Risk & Compliance practice, writing in the Gartner’s Quarterly Emerging Risks Report, had this to say: “The top five risks reported by respondents were notable both for their interconnectedness and origination outside of the organization.”

A lot more happened in the month of July. Scroll down for a quick glance at the top stories that made it to the headlines in the world of risk, operational resilience, compliance, IT and cyber risk, and ESG.

Trending in Operational Resilience, Business Risk, and Compliance

Trending in Cyber Risk and Compliance

  • A new report titled “Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk” by the Ponemon Institute is out. Top stats to note:
    • 54% of organizations have experienced a cyberattack in the past 12 months
    • 64% of organizations still rely on manual monitoring procedures, costing an average of seven hours per week to monitor third-party access
    • 49% of organizations have experienced third-party attacks in the past 12 months despite being among the 60% who have made changes to their cybersecurity structure 
  • The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the health care industry.
  • A new article by the World Economic Forum (WEF) offers insight into how the cloud has brought a shift in cybersecurity.
  • New research by Trend Micro finds that 54% of global organizations feel their cyber risk assessments are not sophisticated enough.
  • The Office of the Superintendent of Financial Institutions (OSFI), Canada, released its final Guideline B-13. The guideline for technology and cyber risk aims to provide specific guidance to enable organizations to balance innovation and risk management.
  • New findings from Skybox Security found that the top cybersecurity challenge was the insufficient identification of cyber risks with 40% of CISOs saying that they are not prepared to handle the rapidly evolving cyber threat landscape.
  • A new cybersecurity law has come into effect in the state of Virginia. The law requires agencies and local governments to report cybersecurity incidents within 24 hours of detection.
  • A recent article in the HIPAA journal outlines the compliance requirements of the draft American Data Privacy and Protection Act (ADPPA). The first draft of the bill was released in early June.
  • A joint cybersecurity advisory on North Korean state-sponsored cyber actors use of Maui ransomware has been released by the CISA, FBI and Treasury Department

Trending in ESG

July 2022 Webinars at @MetricStream

The webinar Managing the Deluge of New Cryptocurrency and Digital Asset Regulatory Change saw thought leaders Jennifer Clarke, Senior Editorial Manager, Regulatory SME, CUBE, Alex Royle Head of Compliance and Regulatory Affairs, EMEA, Galaxy Digital, and MetricStream Product Marketing leaders Loren Johnson and Suneel Sahi discuss the risk and compliance landscape surrounding cryptocurrency and digital assets.

Watch the recording.

In the webinar Connected, Continuous and Constantly Changing: Tackling the Intersection of Cyber and Third-Party Risks, third-party and cyber risk expert Linda Tuck Chapman and MetricStream Product Marketing leaders Loren Johnson and Patricia McParland participated in an interactive discussion on what’s new, what’s next, and how to thrive in an increasingly complex, connected web of risk.

Download the recording.

Get Ready for the GRC Summit

MetricStream’s GRC Summit 2022—much looked forward to by the GRC community as a platform to share insights, exchange best practices, and more importantly to discover what's next in GRC—is back, with an in-person event as we celebrate the 10th year.

Meet us on November 8th and 9th in person at the Royal Garden Hotel in London, UK. Register Now.


Mabel M Jesudian Manager – Content Marketing

Mabel M Jesudian, Manager – Content Marketing at MetricStream, works closely with the product and digital marketing teams to create compelling content and actionable marketing assets that help drive conversations. Mabel has over 13 years of experience with leading marketing communication and PR agencies where she crafted engaging narratives for diverse B2B and B2C clients. She holds an M.A. and M.Phil. in English and Communication from the University of Madras. In her spare time, she loves to read fiction and try her hand at new dishes.