Global Site
Argentina Aruba Barbados Bolivia Brazil Canada Cayman Islands Chile Colombia Costa Rica Curacao El Salvador Guatemala Honduras Mexico Paraguay Peru Puerto Rico Saint Martin Suriname United States Uruguay Venezuela
Australia Cambodia China Hawaii Hong Kong India Indonesia Japan Macau Malaysia Maldives Mongolia Myanmar Nepal New Zealand Pakistan Philippines Singapore South Korea Sri Lanka Taiwan Thailand Vietnam
Albania Andorra Armenia Austria Azerbaijan Belgium Bulgaria Croatia Cyprus Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Ireland Italy Kazakhstan Kosovo Latvia Lithuania Luxembourg Malta Moldova Netherlands Norway Poland Portugal Romania Serbia Slovakia Slovenia Spain Sweden Switzerland Tajikistan Turkey Ukraine United Kingdom Uzbekistan
Algeria Angola Bahrain Egypt Ghana Israel Jordan Kenya Kuwait Lebanon Liberia Mauritius Morocco Mozambique Nigeria Oman Qatar Saudi Arabia Senegal Sierra Leone South Africa Tanzania Togo Tunisia Uganda United Arab Emirates Yemen
home Insights
exe

Cybersecurity and Challenges for the Audit Profession

28/08/2025
exe

Emerging technologies are reshaping economies and transforming the way organisations operate. Governments and businesses are increasingly adopting Fourth Industrial Revolution (IR 4.0) technologies such as artificial intelligence (AI), cloud computing, the Internet of Things (IoT), and blockchain to enhance efficiency, competitiveness, and innovation (WEF, 2024; Kenosi, Zlotnikova, and Sigwele, 2024).

In countries with advanced digital infrastructure—such as Germany, France, and Sweden—broad adoption of these technologies has had a measurable positive impact on GDP per capita, driven by resource accessibility, operational efficiency, and innovative business models (Fortea, 2024). However, the same digital transformation that enables growth is also fuelling the rise of cybersecurity threats that no industry can afford to ignore.

The Rising Cybersecurity Threat Landscape

The rapid adoption of digital tools has been accompanied by a surge in cyber risks, including ransomware, phishing scams, data breaches, insider threats, and distributed denial-of-service (DDoS) attacks (WEF, 2025). Modern organisations must secure a complex network of digital assets—ranging from IT infrastructure and applications to cloud services, mobile devices, and operational technology (OT) systems.

New vulnerabilities such as Log4Shell, malicious AI usage, IT/OT security convergence, and evolving cloud threats can emerge without warning (Statista, 2025). Cybercrime has escalated from a niche IT concern to one of the top five global strategic threats, with ransomware remaining among the most disruptive risks for EU Member States (WEF, 2025; ENISA, 2024).

High-profile incidents—including the Conti ransomware attack on Ireland’s Health Service Executive in 2021 and coordinated DDoS campaigns by pro-Russian group Killnet against government websites in 2022—demonstrate the potential for severe disruption to critical infrastructure and public services (ENISA, 2022; Health Service Executive, 2022).

According to BD Emerson (2025), cybercrime accounts for approximately 850,000 incidents annually worldwide, with public administration, professional services, and finance being the most targeted sectors. The global cost is projected to reach USD 10.29 trillion in 2025, rising to USD 15.63 trillion by 2029 (Statista, 2025).

Why Cybersecurity Matters for the Audit Profession

The Fourth Industrial Revolution is transforming audit, pushing auditors to adapt to technology-driven environments (Mpofu, 2023). Beyond traditional responsibilities, auditors must now evaluate:

  • Internal controls for information security.
  • IT general controls (ITGC) with a cybersecurity lens.
  • FinTech innovations and their impact on financial integrity.
  • Incident response and governance processes.

Cyber risks increasingly threaten the integrity of financial reporting (Mirza, 2025). As part of their responsibility to assess the risk of material misstatement, auditors must move from merely identifying issues to anticipating and mitigating cyber-related risks, including those that could enable fraud (Zaytoun and Elhoushy, 2024).

However, research indicates a gap in established methodologies for integrating cybersecurity assessments into financial audits (Kurniawan and Mulyawan, 2023). Many audits still focus heavily on historical financial data, overlooking the dynamic nature of cyber threats (Boss, Gray and Janvrin, 2022).

Regulatory Developments and Industry Response

Regulators and standard-setters are acting. The IAASB and the European Commission are urging auditors to strengthen cyber risk evaluation within financial audits—covering ITGCs, vulnerabilities in cloud-based systems, and the impact of cyber incidents on financial statements (Ntafloukas, 2023).

This priority is reflected in the February 2024 Exposure Draft of ISA 240, which proposes expanded auditor responsibilities related to fraud and cyber risk (IAASB, 2024). Compliance with frameworks such as ISO 27001, GDPR, SOC 2, and the EU NIS2 Directive is increasingly expected, though compliance alone is not enough.

The real challenge lies in elevating cybersecurity to a strategic board-level priority, with clear governance, accountability, and integration into audit processes.

The Way Forward – Crowe Moldova’s Perspective

At Crowe Audit Moldova, we believe that the evolving threat landscape requires auditors to:

  • Integrate cyber risk assessments into audit planning and execution.
  • Expand ITGC evaluations to include cyber governance, incident response, and security controls.
  • Collaborate closely with CFOs, CISOs, and boards to ensure strategic alignment.
  • Adopt proactive measures such as security assessments, threat intelligence, multi-factor authentication, encryption, and disaster recovery planning.

Our role is to help clients not only meet regulatory requirements but also strengthen resilience against cyber threats that could undermine financial stability, compliance, and reputation.

Cybersecurity is no longer an IT issue—it is a governance, compliance, and strategic priority. In this new digital reality, the audit profession must evolve to protect stakeholders, markets, and public trust.

At Crowe Audit Moldova, we will continue analysing the evolving cybersecurity landscape and its implications for the audit profession. In the coming months, we will publish additional articles offering insights, practical recommendations, and regulatory updates to help organisations strengthen resilience and ensure compliance in an increasingly complex digital environment.