We use cookies to improve this site and enable full functionality. You can change your cookie settings at any time using your browser. Our cookie policy.

Cyber security top concern for many organizations

Cyber security top concern for many organizations

Cyber security top concern for many organizations Cyber-security risk is now an integral part in many companies annual audit plans, with over 70% of organizations including cyber-security risk in their internal audits.
 
According to the 2016 Internal Audit Capabilities and Needs Survey conducted by consulting firm Pritivit, 73% of organizations now include cyber-security risk in their internal audits, a 20% increase from last year. The survey also found that top-performing organizations have better cyber-risk addressing capabilities, especially those whose boards of directors have high levels of engagement in information security risks, which is a campaign the insurance industry has been backing for a long time now.  
 
In the past decade, cyber-security has evolved from an IT risk to boardroom level risk, with 57% of organizations having received inquiries from customers, clients, and insurers about their cyber-security status.
 
According to the survey, 92% of organizations with a high level of board engagement in information security risks implement a cyber-security risk plan, compared to only 77% of those without a high-level of board engagement. Meanwhile, 83% of companies that include cyber-security risk in the annual audit plan have a cyber-security risk policy, versus 53% that do not include cyber-security risk.
 
Over 1,300 internal audit practitioners, including more than 150 chief audit executives and mostly from North America, participated in the survey, which is in its tenth year.
 
A more interconnected world is more exposed to cyber-security risks, so companies need to make cyber-security a high priority in their plans. That includes having a cyber-security insurance policy in place to deal with any risks such as malware and cyber-attacks, such as information theft and extortion, especially for data-sensitive businesses.