Tuesday 10 September 2019 1:01 am | Updated: Monday 09 September 2019 12:32 pm

Internal auditors name cybersecurity as the top risk faced by their businesses

A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop. The unprecedented global ransomware cyberattack has hit more than 200,000 victims in more than 150 countries, Europol executive director Rob Wainwright said May 14, 2017. Britain’s state-run National Health Service was affected by the attack. / AFP PHOTO / ANP / Rob Engelaar / Netherlands OUT (Photo credit should read ROB ENGELAAR/AFP/Getty Images)

A survey of internal auditors published today has found cybersecurity, regulatory change and digitalisation are the top three risks faced by businesses across Europe.

The survey of 528 chief internal auditors found 78 per cent named cybersecurity and data security as a top five threat threat facing their businesses, 59 per cent cited regulatory change and 58 per cent flagged digitalisation.

The number of chief internal auditors citing cybersecurity as a top five risk has increased 18 per cent since last year, while this year 21 per cent named it as the greatest risk their business faced.

Sixty eight per cent of chief internal auditors said cyber and security risk is one of the top five risks internal audit dedicates its time and resources to.

The chief auditor of a German multinational insurer said cybersecurity: “Is not just a compliance risk but also a commercial risk and opportunity. It is something that can set us apart from our competitors.”

The chief auditor of a German transport group said: “We have almost doubled our IT auditor headcount in recent years in order to be able to thoroughly audit cybersecurity.”

On the rising tide of regulatory compliance, the chief internal auditor of a Swedish bank said: “If we look at the number of hours we allocate for mandatory regulatory and compliance audits, it amounts to about 20 per cent of the total number of hours and it is increasing every year. But our resources are not increasing in line with that. That’s a real challenge.”

Other key threats were outsourcing, supply chains and third party risk (36 per cent) , business continuity and resilience (31 per cent), financial risks and macroeconomic and political uncertainty (29 per cent).

Ian Peters, chief executive of the Chartered Institute of Internal Auditors, said: “Cybersecurity is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50m Facebook user identities.”

Peters said the threat from regulatory changes is likely to become “more severe” for UK and Irish businesses, “as they face the prospect of further regulatory change because of Brexit”.