Welcome to Cyber Security Awareness Month
What is the top ranked risk and focus for internal auditors globally?
The just released 2025 IIA Risk in Focus Report has the answer – it is Cybersecurity! So what better than to use Cyber Awareness month to focus attention on this risk.
Cyber is more than just ransomware and hacking, the magnitude of risk is driven by the ever present digital disruption that is both an opportunity and a challenge for our organisations and our profession.
In this month’s editions of the News Update we will bring a selection of Cyber-focused thought starters to keep you cyber aware.
2025 IIA Risk in Focus Report
Cybersecurity as a risk is being driven by Digital Disruption, which in turn is being driven by:
- Business opportunity and perceived high risk of missed opportunities
- Financial impact comparing cost and benefit
- Public opinion where the market and stakeholders show strong demand
- Social impact and ethical concerns
- Regulations and compliance now and in the future
Data Breach in Numbers
The global average cost of a data breach in 2024 was USD $4.88M, according to IBM’s Cost of a Data Breach Report 2024. They say it pays to:
- Know your information landscape – 40% of data breaches involved data stored across multiple environments.
- Strengthen security prevention strategies with AI and automation – Organisations that do save USD $2.22 million on average compared to those that don’t.
- Take a security-first approach to gen AI adoption – only 24% of organisational gen AI initiatives are secured.
- Level up your cyber response training – 75% of the increase in average breach costs this year where attributable to post-breach response activities.
Ransomware Payments Up, But Fewer People Paying
Chainalysis, a blockchain analysis firm, says ransomware attackers are changing tactics, going for fewer, but high-profile attacks to secure bigger payouts, including one for $75M almost double the previous year’s top price. Security Affairs
Interestingly, CSOonline reports that 62% of CISOs worldwide say their organisation would likely pay a ransom to restore access. This is more likely in Saudia Arabia, Canada and South Korea (hope the attackers don’t read CSOonline).
Deepfake Confidence Low
Less than 50% of organisations are confident they can handle a deepfake attack according to CFO.com. The story says there is an increasing threat of deepfake fraud targeting executives, with 26% of executives impacted by deepfake fraud over the past year saying that their company’s financial and accounting data was the primary target. There is growing concern about the ability to protect sensitive financial data from such sophisticated cyberattacks. To combat these threats, organisations are adopting various internal policy and training strategies.
Learn From the Best
All those impacted by the July Microsoft outage know that even the giants of tech companies can be vulnerable. In this article by Jayakumar Sundaram, shares the lessons he has learned from the trenches. ISACA