Effectiveness of cybersecurity audit

•This study develops an original Index to measure the effectiveness of cybersecurity audit by internal auditors.•Cybersecurity Audit Index consists of three dimensions: planning, performing and reporting.•More effective cyber security audit contributes to a more mature cyber security risk management...

Full description

Saved in:
Bibliographic Details
Published in:International journal of accounting information systems 2022-03, Vol.44, p.100548, Article 100548
Main Authors: Slapničar, Sergeja, Vuko, Tina, Čular, Marko, Drašček, Matej
Format: Article
Language:English
Subjects:
Assurance
Cybersecurity
Index
Internal audit
Maturity
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:•This study develops an original Index to measure the effectiveness of cybersecurity audit by internal auditors.•Cybersecurity Audit Index consists of three dimensions: planning, performing and reporting.•More effective cyber security audit contributes to a more mature cyber security risk management.•We do not find that the effectiveness of cybersecurity audit would be associated with a lower probability of a successful cyber attack. The aim of this paper is to analyze the effectiveness of internal audit of cybersecurity. We developed a Cybersecurity Audit Index composed of three dimensions – planning, performing and reporting – to address this question. We hypothesize that cybersecurity audit effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that Cybersecurity Audit Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While the planning and performing phases are strongly and positively correlated, they are less strongly related to reporting about cyber risk management effectiveness to the Board of Directors. As predicted, the Cybersecurity Audit Index is positively associated with maturity, but contrary to expectations, it is not related to the probability of a successful cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on cyber risk management.
ISSN:1467-0895
1873-4723
DOI:10.1016/j.accinf.2021.100548