- Internal audit leaders at U.S. companies flagged cyberattacks as the top risk in 2023 while describing plans to focus on averting data loss and detecting malware and other intrusions, ManpowerGroup found in a survey released Tuesday.
- “Shifting to remote work appears to be driving the need to have better data loss prevention, while attention to intrusion detection and vulnerability management is being driven by increasingly successful and damaging cyberattacks,” according to the report by Jefferson Wells, a unit of ManpowerGroup.
- Internal audit leaders said one quarter of their staff work remotely while more than half balance in-office and remote work, Jefferson Wells said. Two-thirds of internal audit leaders plan to conduct an attack and penetration review during the next 12 to 18 months.
By some measures damage from ransomware and other cyberattacks hit unprecedented levels during the past several months.
U.S. financial institutions reported a record surge in ransomware payments last year, with nearly 1,500 filings valued at a total of nearly $1.2 trillion – a 188% increase compared with 2020, according to the Treasury Department.
U.S. companies are often in cyberattack cross-hairs. Cybercriminals targeted U.S. businesses in nearly half of all publicly acknowledged ransomware attacks globally between January 2020 and July 2022, according to data collected by NordLocker.
Even as threats mount, 59% of internal audit leaders said they do not include ransomware protection as part of their technology risk assessment, Jefferson Wells said. More than half (51%) do not include identity and access management as part of their assessments.
“With cybersecurity attacks on the rise and disclosure requirements impending from the SEC [Securities and Exchange Commission], we anticipate these numbers to shift dramatically in the coming years,” Jefferson Wells said. “Updated risk assessments, key control reviews and new audits will certainly come into play.”
Many leaders of internal audit voiced concern about a shortage of staff, Jefferson Wells said.
“Due to a lack of resources and skill gaps, an increasing amount of audit leaders are beginning to change scope/defer audits and even rely on other business units to complete their annual audit plan,” Jefferson Wells said.
Talent shortages, increasing compensation requirements and demands from employees for flexible work arrangements pose the biggest challenges in hiring and retaining qualified staff, Jefferson Wells said.
Facing a tight labor market, many internal audit departments have not been fully staffed during the past 12 to 18 months, according to Tim Lietz, national practice director for risk and compliance at Jefferson Wells.
“Today’s chief audit executives are faced with balancing constrained audit resources with the consistent pressure to expand audit coverage within their organizations,” Lietz said in a statement.
Jefferson Wells surveyed more than 200 chief audit executives involved in a range of industries.