The recent spate of UK attacks has brought data security and cybersecurity to the fore, says the Chartered Institute of Internal Auditors.
Cybersecurity and data security are the biggest issues on the agendas of chief internal auditors, according to new research, a reaction to the wave of attacks across the UK that has seen brands as big as M&S, Harrods and Jaguar Land Rover hit by cybercriminals.
A survey of 900 top professionals, by the Chartered Institute of Internal Auditors (CIIA), finds that cyber and data security are listed among the top five risks by 81% of internal audit professionals.
The second most serious risk is human capital, diversity and talent management, with 48% of those surveyed placing it among their top issues.
‘Stark reminder’
According to Anne Kiem, chief executive of the CIIA, the spate of UK cyber-attacks is a “stark reminder” that data security and the integrity of digital systems must remain at the top of board agendas.
“Our Risk in Focus 2026 research shows that chief internal auditors are acutely aware of the escalating threat landscape, particularly as AI and digital disruption accelerate,” Kiem says.
“Internal audit is uniquely positioned to provide independent assurance for boards that cyber and digital controls are robust and effective, helping organisations to build resilience and protect their bottom line.”
The CIIA says recent attacks have raised questions about whether security in these areas is being taken as seriously as it should be by boards.
Crime cost: £300m
The M&S attack in the spring was a particular landmark in cyber-attacks and cost the company £300m in lost sales. The same group of cybercriminals who carried out the attack, Scattered Spider, was reportedly behind the attack on Jaguar Land Rover, though it may have involved other groups too.
Scattered Spider has also been blamed for attacks on Harrods and Co-op.
In April this year, Richard Horner, director of the UK’s National Cyber Security Centre, gave a speech in which he highlighted the risk from state and none-state cyber actors. At the time, he raised the issue of AI and its role.
“As we begin to properly integrate AI into our lives, we make ourselves more dependent on technology and so we become more exposed to the impact of cyber-attacks.
“AI will cause us to become vulnerable in new ways… and it will cause the threat to accelerate and change as our adversaries adopt AI.”
One change the CIIA seeks is the audit reforms that would improve company reporting on topics including digital resilience.
Related Posts
-
September 19, 2023
Resilience will be required to face a ‘poly-crisis’ of immediate and simultaneous risk issues, internal auditors believe.
-
August 2, 2023
Leveraging internal audit can help boards not only to identify and assess risks but to highlight opportunities in volatile times.
-
March 13, 2024
Code addresses need for ‘robust, competent and appropriately resourced internal audit’, according to the Institute of Internal Auditors.
-
April 18, 2023
Specialist ransomware criminals are investigating victims’ insurance capacity—sometimes by blatantly asking companies outright.
