It seems the frequent and devastating data breaches have left a mark on the industry, as companies are now more likely to evaluate cybersecurity risk as part of their annual audit plans.
And these are no mere evaluations – these are serious strategic business risk evaluations.
Those are the results of a new report, entitled 2016 Internal Audit Capabilities and Needs Survey, released by global consulting firm Protiviti.
Seventy-three per cent now include cybersecurity risk in their internal audits, representing a 20 per cent year-on-year jump. As one might assume, higher-performing companies are better able to address cybersecurity risk, especially those where the board of directors is highly engaged in the matter.
“The rapidly evolving sophistication of cyberattacks is one of the hottest topics of today’s digital age,” said Mark Peters, managing director, internal audit, Protiviti.
“Our survey found that when it comes to assessing cybersecurity measures and the auditing processes, the highest performing organisations have audit committees and boards who actively engage with the internal audit function during the discovery and assessment of these risks. It’s still apparent, however, that further work is essential to build out these internal audit capabilities in order to focus on the right areas. Companies must take stronger action to set these imperatives into place.”
According to the report’s creators, there are two critical factors needed for success: a high level of engagement by the board of directors, and the inclusion of the cybersecurity risk evaluation in the audit plan.
The full report can be found at this link.