The author criticizes the over-reliance on GRC technologies and the proliferation of new risk categories like Regulatory, Compliance, and Legal Risk. They argue that these categories are often redundant and that the true focus should be on underlying human behavior and systemic issues that lead to risk.