AI fastest rising risk to business, says CIIA
In response to these accelerating risks, the Chartered IIA said it is urging boards and senior management to harness their internal audit teams’ expertise to assess the effectiveness of cyber and digital controls
Businesses across the UK, Ireland and Europe are rapidly changing their attitudes towards risk in response to the swift evolution of technological threats that are “transforming the risk landscape like never before”, according to the Chartered IIA’s (CIIA) annual Risk in Focus 2025 report.
The report tracks the risks facing organisations year-on-year as ranked by 985 Chief Internal Auditors across 20 European countries.
Deep fake attacks and increasingly intense AI-powered hacks helped cybersecurity and data security retain its long-standing position as the top threat with 83% saying it was a top five risk. This threat is forecast to remain the leading risk for the next three years, reflecting heightened concerns over increasingly sophisticated and frequent cyber-attacks, affecting everything from customer data to patient safety.
It comes as high-profile incidents, such as the recent global IT outage caused by the CrowdStrike attack, have underscored the growing risk to businesses and people.
However, the CIAA said that the rise of digital disruption, new technology and AI is the biggest rising concern, with 40% citing it as a top five risk up from a third (33%) a year ago. This makes it the fourth biggest risk this year up from sixth a year ago and the fastest rising risk category with organisations under increasing pressure to keep up with competitors and harness this fast-evolving technology to meet growing consumer demands.
In fact, by 2028, digital disruption, new technology and AI is set to rise even further when it is expected to be the second biggest risk with 63% of chief internal auditors saying it will be a top five risk. The increase in AI and digital-related risks is also mirrored in the growing amount of time and effort internal audit teams expect to spend addressing these threats over the next three years.
In response to these accelerating risks, the Chartered IIA said it is urging boards and senior management to harness their internal audit teams’ expertise to assess the effectiveness of cyber and digital controls. Where controls are found lacking, internal audit can play a critical role in recommending improvements to protect businesses from these emerging threats.
Anne Kiem OBE, chief executive of the Chartered Institute of Internal Auditors said: “AI’s rapid rise as a business-critical risk underscores the unprecedented pace of digital transformation happening around us. While these technological advances offer tremendous opportunities, without proper safeguards, they also pose significant threats.
“Internal audit is uniquely equipped to provide assurance that cyber, digital, and technology-related controls are not only in place but effective. Boards to confront these risks head-on and leverage the expertise of internal auditors to protect and future-proof their organisations.”