This practical guidance is part of Risk in Focus 2021 publication and addresses the key topic: cybersecurity and data security.
It was developed following the Risk in Focus research by 10 European institutes of internal auditors. Its aim is to help practitioners learn from experienced professionals (experts, operational teams or internal audit) and, to offer practitioners useful reflections that we believe are of particular interest when auditing this topic.
About the guidance – Cybersecurity and data security has been one of the top three priority risks identified in Risk in Focus over the past five editions. It is documented as the number one priority risk for 2021, and this trend is expected to continue for the next three years. As a result, a number of resources have been produced within the ECIIA network to support practitioners navigating this risk.
In particular, this guidance takes into consideration the human factor involved in cyber security and data security, and the good practices we can take from our peers in this regard.