Getting Everyone on Board to Battle Security Risks

Board Involvement Improves Cyber-Security

Organizations whose board of directors is highly engaged with information security risks and that include cyber-security in their annual audit plan manage cyber-security risk acceptably, according to 30% of respondents.

Defined Cyber-Security Measures Help

Defining cyber-security measures in the annual audit plan aids successful management of cyber-security risks. 47% of respondents rate their organizations as “very effective” at identifying cyber-security risk, compared to just 19% of other organizations.

Cyber-Security Risk Strategy

70% of organizations that include cyber-security in their audit plan also have a cyber-security risk strategy, compared to 42% of other companies.

Cyber-Security Evaluation Included in Audit

53% of respondents said cyber-security evaluation is included in their audit planning. Of those, 60% have used NIST’s Cybersecurity Framework to measure and evaluate their programs.

Top Five Security Risks

The top five most significant cyber-security risks are: Data security (company information), Brand/reputational damage, Regulatory and compliance violations (tie), Data leakage (tie), Viruses and malware.

Tech Knowledge: Top Five Priorities

Respondents assessed their competency in 35 areas of technical knowledge, indicating whether their knowledge is adequate or needs improvement. The top areas for technical knowledge improvement include: Data Analysis Technologies, NIST Cybersecurity Framework, Mobile Applications, Continuous Assurance, The Guide to the Assessment of IT Risk.

Audit Process Knowledge–Top Five

Respondents evaluated 35 areas of audit process knowledge in terms of improvement. These include: Auditing IT security, Computer-assisted audit tools (CAATs), Data analysis tools for data manipulation, Marketing internal audit internally, Monitoring fraud.

Increased Adherence to Standards

Internal auditors indicate an increased desire for new guidance and standards to advance IT audit plans and communicate the importance of these practices more effectively to key stakeholders.

Commitments to Collaboration

Internal auditors are committed to increasing collaboration with other departments and wish to improve and leverage their personal skills, such as persuasion, and their relationships with board members to balance multiple priorities and strengthen their strategic contributions to the enterprise.

CIOs and Internal Auditors

According to 43% of respondents, many CIOs have been collaborating with the audit committee, reporting on both cyber-security and IT-related risks.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
