Skip Ribbon Commands
Skip to main content
Global Institute of Internal AuditorsBreadcrumb SeparatorNewsBreadcrumb SeparatorNEW Issue of Tone at the Top — Confronting the Cybersecurity Monster

​Cybersecurity Is More Than an IT Issue — Does Your Board Know How to Manage the Dangers?

Cyber risk does not discriminate — it affects organizations of all sizes and in all industries. And global boards and executives don’t consider it a top ten risk just for 2021 — cyber threats are expected to still be a major risk in 2030. With global cybercrime expected to jump 15% per year and its annual impact predicted to hit $10.5 trillion by 2025, it is imperative that any existing vulnerabilities, as well as new ones created by the COVID-19 pandemic, are fully understood and addressed.

The August issue of Tone at the Top, “Confronting the Cybersecurity Monster,” outlines various strategies to help boards tackle cyber risk, including maintaining a keen grasp of the organization’s cyber risk profile, embracing their oversight role, and practicing healthy skepticism to ensure they have a clear-eyed understanding of strengths, weaknesses, and vulnerabilities. There are also ways that internal audit can collaborate with the organization’s cybersecurity experts to verify that plans are being executed as intended and are adequate to the task. Measures to be taken by the board and internal audit include:

  • Establishing oversight roles and scheduling regular updates.
  • Recognizing the threat level.
  • Taking a multifaceted deep dive to prevent, detect, and respond to cyber events.
  • Understanding what sets cybersecurity risk apart from other risks.
  • Running a simulated cyberattack and/or maturity model visualization exercise.
  • Proactively planning how to deal with issues related to unfamiliar emerging technologies.

Download the August issue of Tone at the Top, share it with your organization’s board, audit committee, and senior management, and be sure to review the questions for board members, as well as the chart outlining gaps in board understanding of organizational cyber resiliency.