How Internal Audit and InfoSec Can Team Up on CyberSec

Cybersecurity remains a top challenge for any organization that leverages technology — a reality that encompasses nearly all modern businesses, from startups to enterprises. As a result, exploiting vulnerable organizations has become big business. In 2023, more than 3,200 data compromises were reported in the U.S. alone, affecting more than 350 million individuals.

Increasingly, risk managers recognize that holistic approaches to cybersecurity are foundational to building cyber-resilient organizations. 

 

Effective cyber risk management demands alignment, transparency, and collaboration across the enterprise, particularly between internal audit and information security. More than 80% of respondents to the 2025 North American Pulse of Internal Audit survey reported that meetings between internal audit and information security are common. The survey also revealed a strong association between the frequency of meetings and the effectiveness of the relationship between the two functions.  

 

Audit and InfoSec leaders from roundtable discussions hosted by the Internal Audit Foundation and AuditBoard in November 2024 further emphasized the positive results of developing strong, collaborative relationships. These frontline leaders described benefits including aligned risk assessments, improved regulatory compliance efforts, combined assurance, and better communication with the board.

 

Download your copy of Natural Allies: Nurturing Cyber Resilient Cultures Through Internal Audit-Information Security Collaboration to learn: