79% see cybersecurity as top corporate risk

For the third year running, cybersecurity tops the annual risk survey from the Chartered Institute of Internal Auditors (Chartered IIA) but, in the wake of Covid-19, disasters and crisis preparedness was also identified as a top five risk

The poll of over 570 chief audit executives (CAEs) shows 79% viewing cybersecurity as one of the major risks they face.

More than a quarter (27%) singled cybersecurity out as the number one risk, amid a heightened awareness of the IT and security threats posed by widespread remote working, including an increase in phishing attempts and malware infections.

Disasters and crisis preparedness was cited as a top five risk by over a third of CAEs (34%). This was a new risk included for the first time in this year’s survey and reflects the increased focus on crisis management and business resilience as a result of the coronavirus.

The report highlighted ongoing concerns around companies’ ability to remain solvent as the world enters a recession. Amid depressed demand, financial, capital and liquidity risks have jumped up the agenda, with more than two in five (42%) of those surveyed including these within their top five risks – a 40% increase on last year.

Worries about bribery, fraud and other financial crime have also increased, with 25% of CAEs identifying these as a top five risk, up from 21% a year ago.

Health and safety saw a 70% year-on-year increase in the numbers of businesses citing it as a priority. Almost one in five participants (17%) said it was a top five risk, compared with only 10% a year ago.

Getting on for a quarter (22%) of CAEs cited climate change and environmental sustainability as one of their company’s top five risks, a more than 50% increase on the 14% who said the same in last year’s survey.

Awareness of environmental concerns is growing with 41% of audit chiefs saying they expect it to be a priority risk three years from now. Despite this, only 6% of audit chiefs citing climate change as one of the top areas to spend time and effort on.

John Wood, Chartered IIA chief executive, said: ‘Coronavirus has exacerbated existing risks, forcing organisations to think from completely new angles or assign new levels of priority to them.

‘Cybersecurity is a case in point. Though a perennial front-of-mind risk for boards, the rise in remote working means cybersecurity issues have taken on a new dimension and IT infrastructure has had to adapt in record time.

‘The longer-term implications of this exceptional scenario are still unclear, but we should expect disruption to continue into next year and beyond. Internal audit can and should help organisations manage these new challenges by identifying their blind spots and opportunities to improve their operations.’

Useful links:

Risk in Focus 2021 report is here

Be the first to vote