Story image

Gartner: data risk audit executives’ top concern for 2019

29 Oct 2018

Risks surrounding data and analytics are the primary concerns of chief audit executives (CAEs) for 2019, according to Gartner.

Based on a survey of 144 CAE clients, Gartner has identified the major risks that boards, audit committees and executives need to prepare for in the coming year.

The pursuit of digital business models to drive growth has increased the amount of data collected and processed by businesses at a time when public and regulatory scrutiny is very high.

This has led to heightened risks around data governance, which CAEs plan to watch closely.

“Companies face major challenges in applying proper data governance, maximising the value they get from data, and complying with the fragmented data regulation landscape,” says Gartner audit research vice president Malcolm Murray.

“Recent high-profile data breaches and increased public attention have raised the stakes for organisational accountability, and it’s only going to get tougher in 2019.”

Murray shared the top data and analytics risks that will concern audit executives in 2019.

Data governance - New data privacy regulations such as GDPR and high-profile breaches have expanded the compliance, financial and reputational risks of data usage and protection.

Although data-driven business strategies are necessary to increase efficiency and competitiveness, only 37% of organisations have formal data governance frameworks in place.

As the complexity and volume of data increases, companies should implement formal data governance frameworks to mitigate the risks caused by security threats and privacy issues.

Companies can develop a framework by first creating an inventory of data assets across the business and establishing a data classification policy. In addition, they should review data analytics training and talent assessments.

Third parties - As companies increasingly rely on partnerships for digital initiatives, they are expanding their reliance on third parties - and fourth and fifth parties, if not even more. This amplifies their exposure to operational and regulatory risk.

Nearly 70% of CAEs report third-party risk as one of their top concerns, but many organisations still struggle to account for and manage it.

To help mitigate this risk, organisations must increase visibility into the operations of third parties and strengthen their focus on third parties’ information security behaviours.

Internal audit teams can help by evaluating third-party contracts and compliance efforts, as well as investigating regulatory requirements for third-party data handling.

Data privacy - Although data can confer competitive advantages, recent high-profile security breaches show the negative impact of data privacy failures.

In fact, data privacy is a top concern for organisations across the board.

In response to GDPR enforcement uncertainty, companies must expedite implementation of GDPR mandates - such as transparency, consent and breach reporting - or risk regulatory fines and other sanctions.

Organisations must also take steps to regain customers’ trust or suffer a potential loss of customers.

Gartner has predicted that more than half of companies affected by GDPR will not be in full compliance with it by the end of 2018.

“Data-related risks continue to evolve, and CAEs have a key role to play in helping companies implement clear frameworks and repeatable processes to navigate this ever-changing threat landscape,” says Murray.

In addition to data and analytics, other risk themes CAEs are watching closely for 2019 include IT vulnerabilities, risks stemming from cost and growth pressures, and the vastly shortened planning horizon that executives face.

Gartner creates its annual Audit Plan Hot Spots report by combining input from interviews and surveys from across its global network of client organisations and experts.

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.