Cybersecurity efforts and generative AI usage top internal auditors’ risk list

Core Insights - Generative AI is emerging as a significant risk, but cybersecurity remains the primary focus for internal auditors [1][2] Group 1: Survey Findings - 41% of internal audit practitioners identified cybersecurity as a leading risk, while 35% cited generative AI [2] - The concern for cybersecurity increased to 45% in 2023, while generative AI concerns rose to 17% [3] - Audit committees prioritize cybersecurity at 52%, an increase from 47% two years ago, while generative AI concerns rose from 19% to 39% [4] Group 2: Audit Plans and Assessments - 89% of audit professionals reported that their audit plan includes a cybersecurity audit, and 67% include a generative AI assessment [5] - Over half of companies have reviewed their attack response (56%), addressed data storage security risks (54%), and evaluated security training (53%) in the last 18 months [7] - 14% of companies have not addressed ransomware in their audit plan, and 11% have not independently assessed information security [7] Group 3: Challenges in Cybersecurity - Developing and retaining cybersecurity skills is viewed as difficult by half of audit leaders, with only 37% seeing a return on investment from cybersecurity audit tools [6] - The most frequently evaluated areas of information security include password policies (56%), internal attack assessments (46%), and external penetration assessments (51%) [8]