Cybersecurity is a topic that everyone seems to be talking about; from news anchors discussing the recent data breaches and threats posed at the upcoming midterm elections, to casual barbershop conversations regarding a compromised credit card. Naturally, within the enterprise, this topic is top of mind.
According to MISTI’s 2018 Internal Audit Priorities Report, the number one topic on audit plans this year has been cybersecurity, a metric that also topped the list in the 2017 study. The evolving threat landscape poses a slew of challenges for businesses, and naturally, the IT audit department must be abreast of the risks presented by those challenges when it comes to communicating with the audit committee.
Audit committee members go to the same seminars and conferences where cybersecurity takes precedence over other topics, and when you couple that with the headline-grabbing breaches featured in the news, they’re very interested in the matter, says Yulia Gurman, Director of Internal Audit and Corporate Security at the Packaging Corporation of America.
“Being in the audit committee part of your responsibility is risk oversight,” she told Internal Audit Insights during a recent interview shot at MISTI’s IT Audit & Controls Conference in San Diego, California. “[They want to be informed] on how the company is protecting their assets if faced with a cyber attack.”
In the full interview below, Gurman highlights the common questions that audit committee members have tied to cybersecurity, and what IT auditors should prepare for.