Report: cyber breaches top concern amongst IT professionals

Concerns around security, privacy, cloud and technology resilience are being fuelled by shifting businesses priorities, the pandemic-induced remote work environment and accelerated deployment of new technologies, according to a survey from Protiviti and ISACA.

The survey identified the top concerns that over 7400 IT audit leaders and professionals from organisations around the world are facing and planning to address in 2021. The findings reveal that ‘digital leaders’ — those self-characterised as having innovative and disruptive qualities, and a track record of effective adoption of emerging technologies — weigh risks differently from companies with lower levels of digital transformation maturity and those who are in the earlier stages of defining and delivering on their digital and innovation agenda.

The survey report notes that digital leaders stand out in their frequency of performing technology audit risk assessments, driven by more agile ways of working, as well as more integration and use of data and technology. However, 67% of organisations do not classify themselves as digital leaders, and 11% of those non-leaders are not conducting any form of technology risk assessment.

The survey asked respondents to rate the significance of 39 technology risk issues, with the top 10 identified as cyber breach, confidentiality and privacy, regulatory compliance, user access, security incident management, disaster recovery, data governance, third-party risk, remote workplace infrastructure, and availability risk.

The top 10 technology risks for digital leaders and other companies were the same, but risk indexes trended higher for digital leaders. This can be attributed to several factors, including the more complex technology environments of such organisations as well as their more extensive use of advanced technologies (such as intelligent automation, IoT, artificial intelligence and machine learning).

A notable difference between digital leaders and other organisations was that cloud strategy and adoption was a top 10 risk for digital leaders but not for others, because digital leaders are more likely to include cloud technologies in their delivery of business services and in their longer-term planning and strategy.

Andrew Struthers-Kennedy, Managing Director of Protiviti, noted that companies need visibility to effectively identify and evaluate risks. The sudden shift to remote work, as well as the broader disruption experienced by many, has revealed the importance of identifying and assessing technology risks on a more dynamic and frequent basis, to develop closer-to-real-time views and responses.

“We’re seeing significant demand from companies that need help integrating more dynamic and data-driven approaches to risk assessments into their internal audit activities. Internal audit functions that are able to achieve this will be much better positioned to deliver highly efficient and effective risk assurance,” said Struthers-Kennedy.

The survey also found that 61% of organisations are identifying and assessing technology risks for the purpose of audit planning, as part of the overall internal audit risk assessments process. However, this indicates that 39% of organisations are not specifically assessing technology risks in the development of audit plans.

The survey also revealed that the ranking of technology risks was generally consistent amongst IT audit professionals from North America, Africa, Asia, Europe, the Middle East and Oceania, with cyber breaches ranked as their top concern. Cyber breaches were also consistently a primary concern across a range of industry sectors.

Robin Lyons, ISACA IT Audit Professional Practices Lead, said the study reveals that missteps in risk management are amplified for organisations that have not mastered timely responses to business disruption.

“Audit functions that have a strategy that keeps pace with longer-term risks and high-velocity risks will demonstrate their value as they continue to provide assurance regardless of any disruption,” said Lyons.

The report is based on a survey of 7470 executives and professionals, representing a range of industries globally, conducted from September to October 2020. The survey was conducted in collaboration with ISACA, a global technology association and learning organisation.

Image credit: ©stock.adobe.com/au/Song_about_summer