According to a recent survey by the Institute of Internal Auditors, internal audit leaders ranked technology as the primary cause of risk to their firms, particularly when it comes to cybersecurity.
The survey, which was conducted among 562 internal audit leaders and released on Monday during the IIA’s General Audit Management conference in Grapevine, Texas, found that 78% of respondents cited cybersecurity as posing a high or very high risk to their organization, followed by IT (57%) and third-party relationships (51%), which frequently involve IT companies. Among privately held and publicly listed enterprises, in the financial and public sectors, as well as not-for-profit organizations, the cluster of technology-related hazards throughout the top three slots was largely consistent.
“We consistently hear from our members that technology is the No. 1 driver of risk in today’s increasingly complex business landscape, across organizations of all shapes and sizes,” said IIA president and CEO Anthony Pugliese in a statement. “Modern business is more technology-reliant than at any point in history. Along with the opportunities that accompany rapid growth in artificial intelligence, digital data storage, and cryptocurrencies, we see similar growth in risks related to data privacy, cybersecurity, and biases in artificial intelligence, to name a few. Internal auditors and organizations around the world recognize that technology is both the single largest driver of both opportunity and risk.”
As technology continues to advance and permeate every aspect of business, the risks associated with it are becoming increasingly complex and difficult to manage. This is especially true for cybersecurity, which has become a top concern for internal auditors as cyberattacks become more frequent and sophisticated.
One of the main challenges facing internal auditors is the constantly evolving nature of cybersecurity threats. Hackers are always finding new ways to breach security systems, and companies must constantly update their defenses to keep up. This requires a significant investment of time and resources, which can be a burden for smaller organizations.
Another challenge is the human factor. Employees can unwittingly expose their organizations to cybersecurity risks by falling prey to phishing scams, using weak passwords, or accessing sensitive data from unsecured devices or networks. Internal auditors must work closely with management to educate employees about these risks and implement policies and procedures to mitigate them.
Despite these challenges, internal auditors are taking a proactive approach to cybersecurity risk management. According to the IIA survey, 63% of respondents said they have a formal cybersecurity risk management program in place, and another 25% said they are in the process of developing one. This is a positive sign that organizations are taking cybersecurity seriously and investing in the resources necessary to protect themselves.
In conclusion, the IIA survey highlights the critical role that internal auditors play in managing cybersecurity risks. As technology continues to advance, it is essential that organizations prioritize cybersecurity risk management and work closely with internal auditors to develop effective strategies for identifying and mitigating these risks. By doing so, they can protect themselves against the growing threat of cyberattacks and ensure the long-term success of their businesses.