IT Auditors Identify Cyber Risks, Data Privacy and Talent Shortages Among the Biggest Technology Challenges Companies Face

New survey from Protiviti and The Institute of Internal Auditors reveals the top tech risks that should be on every executive’s agenda

MENLO PARK, Calif. – October 10, 2023 – As the scale of emerging technology risks facing companies continue to multiply, IT auditors play a key role in identifying these threats and helping their organisations to navigate them. A new survey conducted by Protiviti and The Institute of Internal Auditors (IIA) reveals which risks are keeping IT auditors up at night.

The 11th annual “Global Technology Audit Risks Survey” polled a group of over 550 Chief Audit Executives (CAEs) and IT audit professionals on the technology risks their companies face over near-term (12 month) and medium-term (two to three year) time horizons. The survey revealed a number of key risks that the internal audit function is most concerned about, including:

  1. Cybersecurity is the top priority by a wide margin.

    Nearly 75% of respondents, and an even higher percentage (82%) of CAEs and technology audit leaders, consider cybersecurity to be a high-risk area over the next 12 months. To address this risk, leaders and executives need to put mitigation plans into place. With the increased integration of emerging technologies into business functions, organisations anticipate that next-gen cyber threats pose the most significant risks over the next two to three years.

  2. AI is an emerging risk with significant gaps in organisational preparedness and internal audit proficiency.

    Only 28% of respondents indicate the use of AI (including generative AI) and machine learning (ML) as posing significant threats over the next 12 months. However, while AI may not be perceived as an immediate threat, it is rising rapidly on the risk horizon. Specifically, 54% of our survey participants believe advanced AI systems, including generative AI, present substantial risks in the coming two to three years. As the technology becomes more widely accepted and integrated into business operations, the complexities and uncertainties it introduces will become more pressing. Few organisations believe their level of preparedness or the proficiency of their technology audit group in handling AI/GenAI and ML risks are at acceptable levels.

  3. The talent gap in IT is a growing concern.

    For companies to address cyber- and AI-related risks, they need to hire talent with a deep understanding of these spaces at a time when such talent and skills are scarce. Companies must focus on hiring the leaders and team members they need as well as retaining and upskilling the existing talent pool. Companies with insufficient talent and intellectual capital in areas like cyber and AI will find themselves exposed when these risks become reality.

Other areas that the audit function identifies as significant threats over the next twelve months include third parties/vendors (60%), data privacy and compliance (58%), and transformations and system implementations (55%).

"When it comes to technology challenges, not only are companies facing a wide range of threats, but each of these threats is changing at an alarming rate,” said Angelo Poulikakos, global leader of the firm’s Technology Audit and Advisory practice. “Risks related to cyber and AI look radically different than a few years ago, and will surely continue to evolve. Companies that conduct internal audits more frequently and integrate advanced analytical tools and techniques into their audit processes will be more on top of these changes and consequently more prepared when real issues arise. Many organisations are now dealing with the strategic risks of the long-term talent gap, which is why we’re seeing more CAEs and auditors recognise this challenge.”

“IT auditors play a critical role in helping their companies see around corners when it comes to technology risks across the enterprise,” said Brad J. Monterio, IIA EVP of Member Competency and Learning. “This survey offers valuable insights to CAEs and their teams on where they may need to concentrate their efforts in the coming years as they shape their audit plans. It also helps identify the areas where organisations should consider strategically investing in talent to bolster their risk preparedness."

This report is based on a survey, fielded from June through July of 2023, of 559 chief audit executives (CAEs) and IT audit professionals, representing a wide range of industries globally. The survey was conducted in collaboration with The IIA.

Survey Resources Available

The research report from Protiviti and The IIA, “Navigating a Technology Risk-Filled Horizon,” is available for complimentary download, along with an infographic and podcast about the survey results, here. On October 12, 2023, at 10:00 a.m. PDT, Protiviti and The IIA will host a free one-hour webinar to further explore the implications of the survey. Featured speakers will be Angelo Poulikakos and Lindsay Gleeson, Managing Director, from Protiviti, along with David Petrisky, Director, Professional Standards at The IIA.

About The Institute of Internal Auditors

The Institute of Internal Auditors (IIA) is an international professional association that serves more than 235,000 global members and has awarded more than 190,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognised throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit

About Protiviti

Protiviti ( is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, analytics, digital, legal, HR, governance, risk and internal audit through our network of more than 85 offices in over 25 countries.


Named to the 2023 Fortune 100 Best Companies to Work For® list, Protiviti has served more than 80 percent of Fortune 100 and nearly 80 percent of Fortune 500 companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.