Event Recap
On November 26, 2024, ECIIA and the European Institute Research Group (EIRG) hosted an insightful webinar on the Risk in Focus hot topic: Cybersecurity. The panel of industry experts explored:
- The demand for cyber expertise and challenges in sourcing skilled talent.
- Increasing exposure to cyber threats through extended value chains.
- The role of AI in amplifying cyber risks and influencing governance.
- Rapid responses to evolving threats and geopolitical impacts on cybersecurity.
- Collaboration across the three lines of defense to reduce risks effectively.
The session also highlighted practical strategies for internal auditors to help organisations navigate these challenges.
Speakers:
- Daniele Federici – Head of Global Internal Audit, Landis+Gyr
- Deepinder Chhabra – Associate Director – GRC – Security Consulting Services
- Luca Mario Antonio Laguardia – Head of Internal Audit, Fabrick
- Valerie Schipman – Director, Audit IT & Digital, Renault Group
- Guy Philippe Goldstein – Strategic Advisor, Expon Capital
Key takeaways from the discussion included:
1. Cyber and IT Dimensions: Central to Auditing
- Audit activities today are inseparable from Cyber and IT considerations.
- Cyber audits now encompass resilience building and refined business impact analyses.
- Regulations, like DORA in finance, are driving the focus on cybersecurity.
2. AI: A Game-Changer with Challenges
- Auditing AI systems requires attention to attack vectors, privacy compliance, and cybersecurity by design.
- Unique challenges include addressing discrimination and bias within AI systems.
3. Emerging Risks: Social Engineering & Deepfakes
- Traditional phishing defenses are improving, but companies must now prepare for fake virtual conferences and advanced phishing tactics.
- Business roles and responsibilities must be better defined to manage access and authorization risks.
4. Human Resource Challenges
- A shortage of cyber skills poses a critical challenge over the next 2–3 years.
- Both generalists and specialists need cyber expertise to adapt to the growing demands.
5. Networked Enterprises and Third-Party Risks
- Enterprises must assess ecosystems, communication bridges (e.g., APIs), and key suppliers like cloud providers.
- Third-party risks, including data guarantees from cloud and AI providers, demand closer scrutiny.
6. Geopolitical Threats
- Companies need to bolster defenses based on geographic exposures and supply chain risks, including software and VPN origins.
7. Speed of Reaction
- Metrics like Mean Time to Detection (MTTD) and Mean Time to Response (MTTR) are critical to assessing crisis readiness.
- Seamless information sharing within organizations improves reaction speed.
8. Strengthening Governance and Cooperation
- Collaboration between internal audit, CISOs, and first-line teams is key to staying aligned with evolving risks, while maintaining independence.
The recording is available here.