With cybersecurity now a board-level issue, internal audit must keep board members informed about the risks and help them fulfill their oversight responsibilities.
Once an emerging risk discussed just annually by boards and audit committees, cybersecurity is now a board-level issue that must be top of mind for board members and management, alike. Yet, for many board members, cyber risks can be an adventure into unknown territory. These risks comprise a rapidly evolving technical puzzle where the magnitude, vulnerability, likelihood, accountability, and strategies for managing, detecting, monitoring, and responding to risks are a maze of alternatives, with no definitive "right answer."