War-related cyberattacks are on the rise and the surge of sophisticated ransomware attacks is ongoing, warns research

Cybersecurity is the chief risk for IT audit departments, yet despite heightened concerns, one in five organisations do not expect their 2022 audit plans to address the risk of cybersecurity breaches. This is according to research by Protiviti and ISACA.

Other related risks such as privacy and data as well as regulatory compliance also rank as top concerns.

Responses to the annual technology and audit benchmarking survey indicate that IT audit teams are perceiving the current technology risk landscape as much more threatening than in the past.

War-related cyberattacks are on the rise, the surge of sophisticated ransomware attacks is ongoing and remote work continues to subject many organisations to new cybersecurity risks.

“Given the increasingly complex and rapidly changing technology risk landscape we’re in, it’s imperative for IT audit leaders to understand they are responsible for maintaining a holistic view of IT risks impacting the entire organisation,” said Angelo Poulikakos, a managing director at Protiviti and global leader of the firm’s Technology Audit practice.

“This requires tech-enablement from an audit standpoint and regular calibration of risk assessments to suit the current environment, rather than ‘rinsing and repeating’ the work from previous years.”

Industry agnostic problem

“The elevated cybersecurity concerns evidenced in this year’s survey underscore that cyber threats are no longer concentrated within specific industries. This is an industry agnostic concern, and every organisation should be mobilising to protect itself.

”While IT audit teams may not be on the front lines managing these risks, it’s essential that they take a proactive approach to regularly assess the efficacy of these efforts while confirming the proper controls and protections are in place,” added Poulikakos.

The Top 10 IT Audit Risks for 2022
1. Cyber breach
2. Manage security incidents
3. Privacy
4. Monitor regulatory compliance
5. Access risk
6. Data integrity
7. Disaster recovery
8. Data governance
9. Third-party risk
10. Monitor/audit IT, legal and regulatory compliance

Data security responsibilities

The top risks cited in this year’s survey highlight the vital yet sensitive role that data plays in organisations today, with respondents expressing significant concerns regarding the way in which data is gathered, governed and secured.

Respondents also demonstrated that IT audit professionals are acutely aware of the evolving compliance requirements facing their organisations, related to data stewardship, industry standards, and national and regional requirements.

“With a global focus on data regulation, it may be easy to view data solely through a lens of compliance,” said Paul Phillips, ISACA director of Event Content Development and Risk Professional Practice lead.

“However, consumer concern with how their data are used and stored and other operational matters that can quickly become reputational matters must not be discounted. As IT auditors assess risk and evaluate controls associated with data, the tremendous organisational value (and responsibility) of data and the importance of trust should always be top of mind.”