- Nearly 75% of all respondents and even more CAEs and technology audit leaders consider cybersecurity to be a high-risk area.
- Moreover, respondents believe next-gen cyber threats pose the most significant risks over the next two to three years.
- While only 28% of respondents indicate AI (including generative AI) and machine learning (ML) pose significant threats to their organisation over the next 12 months, AI is rated among the emerging technologies posing the most significant risks over the next two to three years. This suggests that while AI may not be perceived as an immediate threat, it is rising rapidly on the risk horizon.
- As AI adoption is set to soar, it represents a latent risk that organisations must start preparing for now. Few organisations believe their level of preparedness or the proficiency of their technology audit group in handling AI and ML risks are at acceptable levels.
- While respondents report that their IT audit teams are moderately proficient at effectively evaluating IT talent management and the perceived threat associated with attracting, developing and retaining skilled technology personnel ranks in the middle of the pack compared to other risks, enterprise preparedness remains relatively low.
- Data privacy regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and forthcoming legislation in other jurisdictions are adding layers of complexity to technology risk management. Our survey shows that while many respondents are confident in their organisation’s cybersecurity measures, fewer are equally confident in data privacy compliance.
- CAEs and IT audit leaders are concerned about ensuring the accuracy, consistency and trustworthiness of their data. Proper data governance is not just a compliance requirement – it also represents the foundation for successful digital transformations and AI initiatives.
- Global events such as supply chain disruptions and regulatory changes, combined with the increased use of cloud services and other outsourced IT functions, have amplified the importance of vetting third-party providers. This screening extends beyond cost effectiveness to encompass compliance with security and data protection standards.
- Our survey results demonstrate a clear connection between the number of technology audits performed annually and an organisation’s ability to manage critical technology risks.
58% of respondents consider data privacy and compliance to be a significant threat over the next year
Call to Action
Here are several high-level actions for technology audit teams to consider.
- Increase audit frequency for high-impact areas, especially those identified as critical emerging risks, to maintain a pulse on rapidly evolving challenges.
- Leverage advanced analytics for deeper insights, integrating these tools and techniques into audit processes to better understand risks and the effectiveness of current risk management strategies.
- Assess perceived threat levels of technology audit risks in conjunction with organisational preparedness and internal audit’s proficiency concerning each threat.
- Improve internal audit’s ability to address IT talent management issues that pose significant threats to the organisation, the internal audit function and the technology audit group.
- Prioritise next-gen cyber threats today – collaborate with cybersecurity counterparts to assess organisational preparedness.
- Act now on AI, including generative AI. Organisational use of these technologies is increasing rapidly and evolving in unexpected ways, while AI-related organisational preparedness and technology audit proficiency remain low.
- Revisit cloud security policies, making sure to include aspects like data residency, encryption and access controls as part of this review.
- Address the most significant barriers — budgets, access to technical skills, ROI quantifications — hindering the adoption of advanced auditing technologies and tools.
- Invest in upskilling, especially for emerging technologies.
- Integrate ESG risks into audit plans.
Advanced AI poses significant risk in emerging tech over next 2-3 years
A note to our readers
Protiviti can provide further detailed results and insights from this study, including where other organisations in similar industries and of comparable size (and more) stand in relation to their perception of threat levels, organisational preparedness, and internal audit proficiency for each technology risk. Please contact your local Protiviti office or representative for more information.
Review previous reports and benchmarking studies here: