Cybersecurity tops risk list for Europe’s audit chiefs

Cybersecurity is now such a big concern for chief internal auditors that a clear two-thirds majority (66 per cent) say it is one of the top five risks their organisation faces.

The Chartered Institute of Internal Auditors' research, based on the responses of over 300 chief internal auditors working in organisations across Europe, reveals the top risks facing organisations across the private and public sectors in 2019, with cybersecurity commanding the number one spot.

The latest annual risk report, ‘Risk in Focus’, produced by seven European institutes of internal auditors and covering eight EU countries, highlights the top risks that should be high on organisational agendas in 2019 and further into the future.



The top risks facing organisations, identified by chief internal auditors, are as follows:

  1. Cybersecurity: 66 per cent
  2. Compliance: 58 per cent
  3. Data security & protection: 58 per cent
  4. HR & people risk: 42 per cent
  5. Regulatory change: 37 per cent
  6. Digitalisation: 36 per cent
  7. Innovation: 28 per cent
  8. Culture: 25 per cent
  9. Outsourcing & third party: 24 per cent
  10. Political uncertainty: 23 per cent

Dr Ian Peters MBE, chief executive of the Chartered Institute of Internal Auditors, said: “It is not surprising that organisations are most concerned with cybersecurity, compliance and data protection in a post-GDPR world.”

“Cybersecurity has been a high-priority risk for a number of years and this shows no signs of abating. However, companies are pushing to move away from legacy systems and, as approaches to managing cyber risk mature, attention is turning to third-party defensibility.

“High-profile cyberattacks such as Petya and WannaCry are becoming more and more prevalent and this means that organisations are only as strong as the weakest link in their IT supply chain.”

Dr Peters added: “A major obstacle to mitigating cyber risk is the piecemeal approach organisations have taken to their IT infrastructure planning and development over past decades. Poor governance and oversight of IT functions has meant businesses have gradually built siloed systems and bolted on parts of their network over a period when cyber risk was low.

“It is important now that organisations turn to looking at outsourced or third party supply chains to ensure that they are not vulnerable to cyberattacks.”
