Cyber-related Risks & Resiliency Report


The risky six

Key questions to expose gaps in board understanding of organizational cyber resiliency

A surprising phenomenon occurred in 2020. The unforeseen stressors of the COVID-19 global pandemic and a forced work-from-home (WFH) model exposed cybersecurity vulnerabilities in organizations around the globe as well as board and management overconfidence in the cyber resiliency of their companies. How could this happen in an age of acute cybersecurity sensitivity when boards have made the battle against cyberattacks a top priority?

The pandemic didn’t create new vulnerabilities; it simply brought existing ones to light. It can be argued the fault is not on the boards or executive leadership alone, but in the fact every organization faces a myriad of ever-evolving risks. Yet, one thing is certain: the task of becoming and remaining cyber resilient is nearly impossible if boards do not have a clear-eyed understanding of their organizations’ cybersecurity strengths and weaknesses. Practitioners and researchers from Ernst & Young LLP or EY and the Institute of Internal Auditors (IIA) conducted extensive analysis to determine the root cause of how and why boards get a skewed picture of their organizations’ ability to protect themselves from cyber-related risks.

Download The risky six and review the following questions six cyber questions every board should be able to answer “yes” to:

Terug naar het nieuwsoverzicht

IIA Nederland

Burgemeester Stramanweg 105F
1101 AA Amsterdam
Contact opnemen

Audit Magazine

Audit Magazine


IIA is dé toonaangevende beroepsorganisatie voor internal auditors. Een lidmaatschap laat u delen in de collectieve kennis van alle vakgenoten in de wereld.
Meer informatie