Abstract
The aim of this paper is to analyze how effective internal audit of cybersecurity is. We developed a Cybersecurity Audit Index composed of three dimensions (planning, performing and reporting) to address this question. We hypothesize that CSA effectiveness is positively related to cyber risk management maturity and negatively to the probability of a successful cyber attack. We tested our hypotheses in a survey with auditors and Chief Audit Executives from various countries and industries. We found that CSA Index scores significantly vary, with a mean of 58 on a scale from 0 to 100. While planning and performing CSA are strongly and positively correlated, they are less strongly related to reporting about CS risk management effectiveness to the Board of Directors. In line with our hypothesis, the CSA Index is positively associated with CS risk maturity, but contrary to our hypothesis, it is not related to the probability of a cyber attack. This is the first paper that comprehensively measures the effectiveness of cybersecurity audit and its effects on CS risk management.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
