Skip to Content

Editor's Note: Under Attack

Digital Anne Millage Jul 30, 2021

​Organizations are poorly prepared to protect themselves against cyberattacks.

​In this issue, we offer a package of articles on the important topic of cybersecurity. As recent incidents such as Colonial Pipeline, JBS, and Kaseya demonstrate, cyberattacks aren’t slowing down. They are becoming more sophisticated and costly — and many organizations are poorly prepared to protect themselves. 

The IIA recently released two Global Technology Audit Guides (GTAGs) that address internal audit’s role in helping protect their companies. Assessing Cybersecurity Risk: The Three Lines Model, released in late 2020, says auditors should assess:

  • Who has access to the organization’s most valuable information?
  • Which assets are most likely to be attacked?
  • Which systems, if compromised, would cause the most significant disruption?
  • Which data, if obtained in an attack, would cause financial or competitive loss, legal ramifications, or reputation damage?
Find your local chapter.

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer? Sign in or become a member to gain access to the latest internal audit news and information today.


Anne Millage

Anne Millage is editor in chief of Internal Auditor.