Tuesday 10 September 2019 1:01 am

Internal auditors name cybersecurity as the top risk faced by their businesses

A survey of internal auditors published today has found cybersecurity, regulatory change and digitalisation are the top three risks faced by businesses across Europe.

The survey of 528 chief internal auditors found 78 per cent named cybersecurity and data security as a top five threat threat facing their businesses, 59 per cent cited regulatory change and 58 per cent flagged digitalisation.

The number of chief internal auditors citing cybersecurity as a top five risk has increased 18 per cent since last year, while this year 21 per cent named it as the greatest risk their business faced.

Read more: Huge Facebook data leak exposes phone numbers of 419m users

Sixty eight per cent of chief internal auditors said cyber and security risk is one of the top five risks internal audit dedicates its time and resources to. 

The chief auditor of a German multinational insurer said cybersecurity: “Is not just a compliance risk but also a commercial risk and opportunity. It is something that can set us apart from our competitors.”

The chief auditor of a German transport group said: “We have almost doubled our IT auditor headcount in recent years in order to be able to thoroughly audit cybersecurity.”

On the rising tide of regulatory compliance, the chief internal auditor of a Swedish bank said: “If we look at the number of hours we allocate for mandatory regulatory and compliance audits, it amounts to about 20 per cent of the total number of hours and it is increasing every year. But our resources are not increasing in line with that. That’s a real challenge.”

Read more: UK telecoms operators must strengthen cyber security to prevent cyber attacks

Other key threats were outsourcing, supply chains and third party risk (36 per cent) , business continuity and resilience (31 per cent), financial risks and macroeconomic and political uncertainty (29 per cent).

Ian Peters, chief executive of the Chartered Institute of Internal Auditors, said: “Cybersecurity is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50m Facebook user identities.”

Peters said the threat from regulatory changes is likely to become “more severe” for UK and Irish businesses, “as they face the prospect of further regulatory change because of Brexit”.