In an interview with Accounting Today, Doron Rozenmblum, Managing Partner at Kreston-Ezra Yehuda-Rozenblum shared insights on the importance of internal audit for effective Cyber Risk Management.
In 2023, companies of all sizes are facing a growing threat in the digital world, with potential breaches that can impact their operations, reputation, and finances. The evolving cyber risk landscape is estimated to cost $8 trillion by 2023 and $10.5 trillion by 2025.
Ransomware attacks, particularly through phishing, pose significant concerns in both public and private sectors, increasing in frequency and causing more financial and reputational harm. Phishing involves tricking individuals through deceptive emails, often pretending to be trusted figures. Business Email Compromise (BEC) worsens the situation by using collaboration tools like chat and mobile apps. Hackers often exploit Microsoft’s brand, and brand impersonation attacks are worrisome due to poor security habits and lack of user awareness.
Digital fraud, notably identity theft, is a growing issue as more people engage in online activities like banking and shopping. In 2022, consumers reported nearly $9 billion in fraud losses, a 30% increase from the previous year, with a significant number of identity theft cases.
Enterprises, given their size and complexity, are increasingly vulnerable to cyber risks, particularly with the use of cloud services and the Internet of Things (IoT). Effective management involves a cautious approach to implementing AI and relies on the evolving role of internal audit, extending beyond finances to include cybersecurity. A risk-based approach, identifying critical assets and systems, evaluating controls, and integrating cyber risk management into overall strategy, is crucial. Regular updates on the cyber risk profile and assessing vendors’ cybersecurity practices, especially in the supply chain, are emphasised.
In conclusion, cyber risks are a growing threat, and internal audit is essential in managing them. Key aspects include assessing the risk landscape, reviewing internal controls, and utilising data analytics tools. A collaborative, risk-based approach helps organisations navigate the evolving cyber risk landscape effectively.
To read the full article by Kreston global, click here.
If you have any queries in relation to the above, the Kreston Stanley Williamson team is here to help. Don’t hesitate to reach out and contact us.
Kreston Stanley Williamson
*Correct as of 13 November 2023
*Disclaimer – this article has been produced by Kreston Stanley Williamson as a service to its clients and associates. The information contained in the article is for general comment only and is not intended to be advice on any particular matter. Before acting on any areas contained in this article, it is imperative you seek specific advice relating to your particular circumstances. Liability is limited by a scheme approved under professional standards legislation.