GRC tools can help organizations spot and address weaknesses before they become targeted by an attacker. Proactive use of GRC tools could help rein in cybercrime costs, Ponemon said. GRC tools often will contain a console to help executives determine the risk profile of systems and help prioritize ongoing security projects. GRC tools go beyond ensuring that the company meets compliance mandates, according to Ponemon. They can determine if a system needs the latest security patches or if an appliance is misconfigured, opening a hole to a potential attacker.