2022 IT Audit Technology Risks in Tech, Media & Telecom
Survey Shows Elevated Concerns Around Cybersecurity, Privacy and Compliance for the Technology, Media and Telecom Industry
For the technology, media and telecommunications (TMT) industry, the greatest IT audit concerns in 2022 lie with cybersecurity-related breaches, privacy and regulatory compliance. More than 1,000 IT audit leaders and professionals from the TMT industry provided this assessment of the current technology risk landscape in the latest IT Audit Technology Risks Survey, conducted by ISACA and Protiviti.
The TMT survey participants were among more than 7,500 IT audit leaders from across nearly every industry who shared insights on the biggest IT risks and how they are structuring their functions to address current and future demands. The top IT audit issues, which align with those expressed by IT audit leaders across other industries, are of greater concern because they can lead to significant reputational damage and loss of revenue and customers, as well as regulatory fines or scrutiny.
Cybersecurity is not a new threat to TMT organisations; however, the level of urgency has clearly escalated in recent years. According to the Identity Theft Resource Center, there were 1,862 data breaches in 2021, up more than 68% from 2020 and breaking the previous record of 1,506, set in 2017. Protiviti’s latest annual Top Risks Survey also showed that, for the TMT industry group, the cyber threat moved up six notches to the fourth position this year on the top-risk list.
It is also not a surprise that privacy concerns are weighing heavily on the minds of TMT IT audit leaders. Increasingly, governments around the world are enacting new privacy rules and imposing heavy fines and penalties on organisations that are found to be violating the rules.
Clearly, as the survey shows, the TMT industry faces significant technology risk challenges. Going forward, to drive success and reduce risks, companies need to prioritise developing a culture of compliance, just as they have done with innovation and a first-to-market attitude. This means regularly assessing and reacting to the impact of evolving regulations and enforcement on their organisation’s business model. Building capabilities, including staffing up on compliance, risk management, legal, privacy and legislative expertise, with clearly assigned roles and responsibilities, is also crucial to success.
The intensifying data privacy environment calls for organisations in the TMT industry to develop a comprehensive data privacy programme, if they have not already, and make it an embedded process. It is also critical that organisations break down silos by leveraging a broad, data-driven transformative risk management framework, and conduct regular risk assessments. This framework should be built to evolve quickly and at the same pace as innovation.
The 10th annual IT Audit Technology Risks Study was conducted in the fourth quarter of 2021. The in-depth survey report (which includes a detailed breakdown of benchmarking data by organisation size, region, industry and more), as well as a podcast, a webinar and an infographic on the topic, are available from Protiviti here and from ISACA here.