Cybersecurity tops annual business risk survey

10 Sep 2019

A new survey has found the top three risks faced by businesses across Europe are: cybersecurity (78%), regulatory change (59%) and digitalisation (58%). The survey of 528 Chief Internal Auditors (125 from the UK and Ireland) is part of the Chartered IIA’s Risk in Focus 2020 report, published today, Tuesday 10 September.

Risk in Focus 2020 contains guidance for organisations about tackling the major risks they face. The report recommends a number of ways that businesses can increase protection against cyber threats, including:

  • Assessing how their customer service chatbots are protected against breaches.
  • Recruiting an internal or external cybersecurity expert to minimise corporate risks.
  • Reviewing the security of their cloud services - including ensuring robust systems and processes are in place to prevent misconfigurations.

The increasing burden of regulatory change felt by businesses with the introduction of GDPR and new legal frameworks for online payments is analysed by Risk in Focus 2020. It advises businesses to consider whether they are taking a sufficiently forward-looking approach to regulatory changes e.g. a regulatory implementation calendar.

Risk in Focus 2020 also focuses on digitalisation and advances in technology e.g. AI and blockchain. The report includes guidance for business to consider whether they have sufficient capacity and capabilities to innovate and if projects are sufficiently controlled and appropriately measured.

Risk in Focus 2020 is the fourth annual report analysing the business risks that organisations across Europe face. Cybersecurity and digitalisation have both appeared in the top three risks over the last two years. This year, the number of Chief Internal Auditors citing cybersecurity as a top five risk has increased by 18%, further strengthening its position as the clear number one risk.

Dr Ian Peters MBE, Chief Executive of the Chartered Institute of Internal Auditors, said:

“For the second year running, cybersecurity has been identified as the number one business risk faced by organisations in Europe. Cybersecurity is a problem we regularly see on the news from the theft of 500 million Marriott hotel guests’ personal information, to the security breach which exposed 50 million Facebook user identities. Risk in Focus 2020 includes guidance for businesses to better manage the cyber risks they face.

“Risk in Focus 2020 also analyses the impact of regulatory change after the introduction of GDPR and new legal frameworks for online payments. This risk is likely to become more severe for UK and Irish businesses, as they face the prospect of further regulatory change because of Brexit. 

“Digitalisation has led to huge technological advances from AI to blockchain. Risk in Focus 2020 contains guidance for businesses about taking advantage of the opportunities that come with digitalisation and support in managing the associated risks.

“I urge businesses and other organisations to use the guidance in Risk in Focus 2020 to better protect themselves against the biggest risks they are facing, particularly from cybersecurity, regulatory change and digitalisation.”


Notes to editors:

1. The top ten risks that Chief Internal Auditors told our Risk in Focus 2020 survey that their organisations face were:

  • Cybersecurity and data security - 78%
  • Regulatory change and compliance - 59%
  • Digitalisation, disruptive technology and other innovation - 58%
  • Outsourcing, supply chains, and third-party risk - 36%
  • Business continuity / resilience - 31%
  • Financial risks - 30%
  • Macroeconomic and political uncertainty - 29%
  • Human resources - 27%
  • Corporate governance and reporting - 26%
  • Communications and reputation - 22%

2. Between March and May 2019, 528 Chief Internal Auditors from UK, Ireland, Belgium, France, Germany, Italy, Netherlands, Spain and Sweden took part in a quantitative survey for Risk in Focus 2020.

3. The Chartered IIA is the only professional body dedicated exclusively to training, supporting and representing internal auditors in the UK and Ireland. We have over 10,000 members in all sectors of the economy. First established in 1948, we obtained our Royal Charter in 2010. About 1,000 of our members hold the position of Head of Internal Audit and the majority of FTSE 100 companies are represented among our membership. Members are part of a global network of 200,000 professionals in 170 countries.