Cybersecurity has been named as one of the “number one” risks to businesses, according to internal auditors.
According to the Chartered Institute of Internal Auditor’s (CIIA) latest Risk in Focus report, the top three risks currently facing businesses and other organisations across nine European countries are cybersecurity (78%), regulatory change (59%) and digitalisation (58%).
The CIIA said there is “no room” for complacency in managing and mitigating cybersecurity/information security risk, as internal audits may have to dedicate time and resources to this area “indefinitely” given that it is a “constantly moving target”.
The report also recommends various ways in which businesses can increase protection against cyber threats, including:
- Recruiting an internal or external cybersecurity expert to minimise corporate risks
- Assessing how customer service chatbots are protected against breaches
- Assessing the security of cloud services – including ensuring robust systems and processes are in place to prevent misconfigurations
A statement by the CIIA read: “The persistence of the cyber threat — and the financial and reputational costs associated with periods of prolonged downtime, stolen data assets and negative press coverage — requires that internal audit remains vigilant and attentive.
“Even if the business’s efforts to mitigate information security risk are highly mature, there is a need for the third line of defence to track these efforts, assess the ongoing evolution of the organisation’s perimeter wall and stay on top of organisational and operational changes that impact upon the business’s information security risk profile.”