Read Richard Chambers' Latest Blog
Are Companies Capitulating on Cybersecurity Risks?
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here's an excerpt from his latest post:
In the past dozen years or so, cybersecurity has gone from being a mysterious IT concern best left to CSOs and CISOs to a top priority for boards and executive management. Yet, progress has been painfully slow for a problem everyone agrees is evolving at breakneck speed.
Reports of high-profile cyberattacks are now routine, and no sector or industry is immune to the threat. Indeed, the Privacy Rights Clearinghouse has documented more than 8,600 data breaches since 2005, including 831 in 2017. The group, located at the University of San Diego School of Law's Center for Public Interest Law, concedes it doesn't capture every successful cyberattack. Still, it estimates more than 11 billion records have been breached since it began keeping track.
Even so, I must admit I am troubled each time I read about cyberattacks that might have been avoided. Too often, successful hacks involve human failings, not technological ones. This is especially disturbing when one considers that cybersecurity ranks at or near the top of every management and board poll on risks.