Did you know that a recent survey revealed a significant number of internal auditors flagged cybersecurity as the primary risk facing organizations? These survey results underscore how much more focus needs to be placed on protecting sensitive organizational data.
The Internal Audit Foundation’s 2024 edition of the North American Pulse of Internal Audit Benchmarks for Internal Audit Leaders provides invaluable insights into the state of internal audit, and this edition has a special focus on cybersecurity. The report contains key metrics and survey results conducted by the Foundation and includes data related to audit priorities and post-pandemic recovery.
This report has been a key source of guidance for internal audit and organizational leadership since 2008. It speaks to both current conditions and long-term trends in the internal audit space. By highlighting key areas of focus for internal audit functions, the report helps internal auditors prioritize their activities and allocate resources effectively to ensure that internal audit efforts are aligned with the most significant risks facing an organization.
The latest findings emphasize the prominent role of technology, especially cybersecurity and IT, as the primary areas of concern. Cybersecurity and IT have emerged as the foremost risks, with additional attention on third-party relationships, compliance/regulatory issues, and operational challenges.
An alarming 78% of surveyed Chief Audit Executives and Directors believe the risk from cybersecurity threats is high or very high. That’s a significant increase from the 60% who felt that way in 2017. Only 21% of respondents say the risk is moderately high, and 1% believe the risk is low. This shows that auditors are more worried about cyber threats than ever before.
According to the survey, efforts to deal with cybersecurity and IT risks make up almost 20% of internal audit plans, exceeding the allocation for operational, financial reporting, and compliance/regulatory areas. This significant statistic highlights the growing concern surrounding cybersecurity and underscores the need for a deliberate strategy to manage these risks effectively.