MNP.ca

IIA CANADA WEBINAR POLL RESULTS

Benchmark your Internal Audit Cyber Approach

10%

ISO 27001

6%

PCI DSS

10%

NIST Cyber Security Framework

44%

COBIT

6%

Top 20 Critical Security Controls

2%

SOC2 Trust Service Principles

10%

Industry Specific (NERC)

11%

No answer

More than 340 participants polled by MNP and IIA Canada responded to questions about how their business was managing cyber security risks. The results showed a heightened awareness of cyber security but that more work needs to be done.

Which security control frameworks do you work with in your business?1

The results show that of those polled, the COBIT framework was the most popular security framework being used by organizations, but as noted, MNP professionals were having increasing success in working with Top 20 Critical Security Controls.

How often do you perform a cyber audit?2

The results show most organizations were performing cyber audits on an annual basis. However, MNP advocates a risk-based approach to determine the frequency and scope of cyber risk assurance activities.

On a continual basis 12%

4% Semi annual

Annual

Every two years

29%

Greater than two years

We don’t / never

No answer

12%

14%

17%

12%

How well does your organization’s culture positively influence its cyber resiliency?3

Of those polled, results indicate an organization’s culture moderately influenced cyber resiliency. We note that for many boards and regulators, creating a culture of risk management has become an area of emphasis.

Not at all Minimally Moderately Extensively I don’t know No answer

3% 13% 43% 15% 10% 16%