PwC: Internal audit’s role critical to combatting hackers

By Rob Starr, Content Manager, Big4.com

A new PwC US whitepaper titled Fortifying your defenses: The role of internal audit in assuring data security and privacy finds data security threats and breaches have increased exponentially, with more than 1,037 publicly reported incidents of loss, theft or exposure of personally identifiable information recorded in 2011.

As data thieves become increasingly creative, corporate policies, procedures, tools, training and compliance efforts have not kept up. In some instances, PwC found that some security capabilities have actually diminished over the last three years. In 2011, only 39 percent of nearly 10,000 executives in 138 countries said they reviewed their privacy policies annually, compared to 52 percent in 2009. Only 41 percent had an identity management strategy in 2011, a decrease from 48 percent in 2009.

Jason Pett, PwC’s U.S. internal audit services leader comments:

“No matter how strong a company’s data security policies and controls are, a company won’t really know the adequacy of its defense if it doesn’t continually verify that those defenses are sound, uncompromised and applied in a consistent manner,” he said. “Internal audit has to play a far more substantial role in information security, and audit committees must also increase their attention on the increasing risk, heightening the expectations they place on internal audit to place adequate focus on data security and privacy concerns.”