PwC: Internal audit’s role critical to combat ever-changing hacker profiles

By Rob Starr, Content Manager, Big4.com

According to a new PwC US whitepaper titled Fortifying your defenses: The role of internal audit in assuring data security and privacy, With more companies migrating into the digital realm and relying on hacker-susceptible mobile and cloud technologies, data security threats and breaches have increased exponentially.

According to the whitepaper, government bodies are increasing the penalties they impose on companies whose security flaws allow data breaches. At least 50 countries have enacted data privacy laws, and more are expected to follow.

Jason Pett, PwC’s U.S. internal audit services leader comments:

“No matter how strong a company’s data security policies and controls are, a company won’t really know the adequacy of its defense if it doesn’t continually verify that those defenses are sound, uncompromised and applied in a consistent manner,” he says. “Internal audit has to play a far more substantial role in information security, and audit committees must also increase their attention on the increasing risk, heightening the expectations they place on internal audit to place adequate focus on data security and privacy concerns.”

The three lines of defense that companies should initiate include management and  companies that are good at managing information security risks typically assign responsibility for their security regimes at the highest levels of the organization. Management has ownership, responsibility and accountability for assessing, controlling and mitigating risks.