Webinar | Risk in Focus 2025: Cybersecurity


Event Recap

On November 26, 2024, ECIIA and the European Institute Research Group (EIRG) hosted an insightful webinar on the Risk in Focus hot topic: Cybersecurity. The panel of industry experts explored:

  • The demand for cyber expertise and challenges in sourcing skilled talent.
  • Increasing exposure to cyber threats through extended value chains.
  • The role of AI in amplifying cyber risks and influencing governance.
  • Rapid responses to evolving threats and geopolitical impacts on cybersecurity.
  • Collaboration across the three lines of defense to reduce risks effectively.

The session also highlighted practical strategies for internal auditors to help organisations navigate these challenges.

Speakers:

  • Daniele Federici – Head of Global Internal Audit, Landis+Gyr
  • Deepinder Chhabra – Associate Director – GRC – Security Consulting Services
  • Luca Mario Antonio Laguardia – Head of Internal Audit, Fabrick
  • Valerie Schipman – Director, Audit IT & Digital, Renault Group
  • Guy Philippe Goldstein – Strategic Advisor, Expon Capital

Key takeaways from the discussion included:

1. Cyber and IT Dimensions: Central to Auditing
  • Audit activities today are inseparable from Cyber and IT considerations.
  • Cyber audits now encompass resilience building and refined business impact analyses.
  • Regulations, like DORA in finance, are driving the focus on cybersecurity.
2. AI: A Game-Changer with Challenges
  • Auditing AI systems requires attention to attack vectors, privacy compliance, and cybersecurity by design.
  • Unique challenges include addressing discrimination and bias within AI systems.
3. Emerging Risks: Social Engineering & Deepfakes
  • Traditional phishing defenses are improving, but companies must now prepare for fake virtual conferences and advanced phishing tactics.
  • Business roles and responsibilities must be better defined to manage access and authorization risks.
4. Human Resource Challenges
  • A shortage of cyber skills poses a critical challenge over the next 2–3 years.
  • Both generalists and specialists need cyber expertise to adapt to the growing demands.
5. Networked Enterprises and Third-Party Risks
  • Enterprises must assess ecosystems, communication bridges (e.g., APIs), and key suppliers like cloud providers.
  • Third-party risks, including data guarantees from cloud and AI providers, demand closer scrutiny.
6. Geopolitical Threats
  • Companies need to bolster defenses based on geographic exposures and supply chain risks, including software and VPN origins.
7. Speed of Reaction
  • Metrics like Mean Time to Detection (MTTD) and Mean Time to Response (MTTR) are critical to assessing crisis readiness.
  • Seamless information sharing within organizations improves reaction speed.
8. Strengthening Governance and Cooperation
  • Collaboration between internal audit, CISOs, and first-line teams is key to staying aligned with evolving risks, while maintaining independence.

The recording is available here.
