Technology
Do AI Systems Elevate Cybersecurity and Data Risks? Survey Results Show Concerns
Survey by Protiviti and The Institute of Internal Auditors (IIA) highlights how AI is reshaping the perception of existing risks, with 59% of IT audit leaders identifying AI as a significant threat over the next two to three years.
Oct. 08, 2024
As the rapid adoption of artificial intelligence (AI) transforms industries, organizations are becoming increasingly aware of the elevated risks it brings—particularly in the areas of cybersecurity and data privacy.
The 12th Annual Global Technology Audit Risks Survey by Protiviti and The Institute of Internal Auditors (IIA) highlights how AI is reshaping the perception of existing risks, with 59% of IT audit leaders identifying AI as a significant threat over the next two to three years. In the short term, cybersecurity remains the top concern, but AI’s integration is magnifying these risks and reshaping how organizations approach them.
The 12th annual Global Technology Audit Risks Survey polled a group of over 1,200 executives and professionals, including Chief Audit Executives (CAEs) and information technology (IT) audit leaders. The survey polled these respondents on the technology risks their companies face over near-term (12 months) and, for emerging technologies, the medium-term (two to three year) time horizons.
Thanks for reading CPA Practice Advisor!
Subscribe for free to get personalized daily content, newsletters, continuing education, podcasts, whitepapers and more...
Already registered? Login
Need more information? Read the FAQ's
AI taking key role in shaping technology auditing practices
The integration of AI-based tools into technology auditing is on the rise, with a majority of internal audit functions researching how this technology can enhance their processes. AIs not only offering a more comprehensive view of the risk landscape but is also amplifying concerns about key threats such as cybersecurity and data privacy. This growing reliance on AI is reshaping how auditors perceive and address these risks, with AI-enabled audits identifying higher levels of threats in these areas.
Moreover, AI-driven insights are helping organizations better prepare for these threats yet concerns about AI’s longer-term risks continue to grow. In fact, 76% of organizations using AI tools in technology audits perceive a high level of cybersecurity risk in the next year as compared to only 65% who do not use AI tools. Similarly, 71% using AI tools perceive a high level of data privacy & compliance risk, as compared to only 58% of those who don’t.
Still, IT audit leaders have concerns when looking out longer term. A majority – 59% –anticipate advanced AI systems (including generative AI) will pose significant risks in the next two to three years.
“I’m excited about the increasing adoption of AI in internal audit, and making this a priority is essential for departments to stay ahead of emerging risks and opportunities,” said Angelo Poulikakos, global leader of the firm’s Technology Audit and Advisory practice. Internal audit also has a unique opportunity to guide the business in adopting AI responsibly by advising on effective risk and control governance.”
Cybersecurity remains top technology threat
Cybersecurity remains the top technology risk for the second year in a row, with 68% of respondents identifying it as a high-level threat. However, AI is compounding these concerns, with AI-enabled organizations reporting an even higher perception of cybersecurity risk. Among organizations using AI in audits, 76% perceive significant cybersecurity threats, compared to 65% among those not leveraging AI. This suggests that AI’s growing role is not only surfacing new vulnerabilities but also providing deeper insights into existing risks, ultimately driving a heightened sense of preparedness and urgency to mitigate them.
Data concerns prevalent
Data privacy and compliance is the second-largest perceived technology risk over the next 12 months, with data governance and integrity ranking as the third largest. Additionally, 52% of auditors view data breaches and leaks of sensitive information as posing the greatest cybersecurity-related threats. IT audit teams are not alone in this rising concern as Protiviti’s recent Global Finance Trends Survey also found that 61% of CFOs and finance leaders rate data security and privacy as a high priority in the coming year.
Data privacy and compliance as well as regulatory compliance are two technology risks that saw a year-over-year (YOY) increase in perceived threat to organizations. Given the GDPR and the SEC’s cybersecurity rules that came into force in late 2023 for all publicly listed US companies, it is not surprising that IT audit leaders and CFOs alike would be concerned with increased levels of preparedness to handle them.
“Cybersecurity continues to be viewed as the most significant technology threat facing organizations,” said Anthony Pugliese, CIA, CPA, CGMA, CITP, President and CEO of The IIA. “As cybersecurity remains a top risk and strategic priority for leadership, internal audit functions will continue to play a key role to assist their organizations in identifying and mitigating these threats.”
Survey resources available
The research report from Protiviti and The IIA, “From AI to Cyber – Deconstructing a Complex Technology Risk Landscape,” is available for complimentary download, along with an infographic about the survey results, here.