Top five cybersecurity and IT audit trends that most impact an organization’s ability to respond to today’s challenges

In-person conferences and roundtables are back in style across the Three Lines in supporting governance, risk and compliance. Leaders (including executives, board and audit committee members) are engaging at these events in search of new talent, understanding emerging risks and learning best practices to implement at their organizations. And that’s a trend seen across the board. In fact, the 2022 IIA Pulse of Internal Audit report details leadership response in aligning risks to audit plan allocation. The report shows cybersecurity presents the most common high-risk area (85%), but audit plans are only allocating 11% of resources to address cybersecurity.

But there’s good news - during leadership conversations at these industry-leading events, one observation stands out among them all: there is a heightened focus on cybersecurity and information technology (IT) audit challenges. Executives are seeking a baseline level of comfort in response to cybersecurity threats, particularly in response to:

• Remote workforce expectations;
• Increased cost of cybersecurity insurance;
• Digital and cloud migrations; and
• Regulatory reporting updates.

Top five trends

1. Skilled resourcing shortages
   Resourcing shortages are nothing new to the IT audit and cybersecurity world. The evolution more recently, however, has shifted towards the need for skilled labor (across security operations, compliance and IT internal audit). Individuals across organizations do not have the technical backbone to challenge an organization's cybersecurity posture. Organizations have either done nothing or utilized some of the following response mechanisms: Training and on-the-job upskilling, recruiting (internal and external), co-sourcing / outsourcing, and leadership and management coaching.