Internal audit leaders are starting to feel vulnerable to increasingly brazen cyber-attacks, based on the results of the latest poll by the Institute of Internal Auditors.

Nearly 7 in 10 internal audit leaders participating in IIA’s annual “Pulse of Internal Audit” survey ranked cyber-attacks and other security issues as a major concern for their companies, but only about one-third said they have high confidence in their organizations’ ability to identify and address such emerging risks. “Our latest survey reveals disturbing gaps in both corporate awareness and responsiveness, based upon the views of those tasked with raising the red flags – the chief audit executives,” said Richard Chambers, president and CEO of the IIA, in a statement. “It’s clear that organizations must improve how they identify emerging risks and related risk-mitigation strategies.”

The IIA says it will release the full report with the opening of its annual “General Audit Management” conference in early March. Chambers is alarmed by survey findings that suggest the majority of internal audit leaders are not identifying organizational instability as a high priority, and few are looking at geopolitical instability as a priority. The survey showed only 45 percent of audit leaders saw organizational sustainability as a high priority, yet only 6 percent placed high priority on gauging the impact of major geopolitical developments, like global health threats, economic sanctions, or other factors.

That’s a dangerous combination, the IIA says, because it suggests an inability to fully understand the effect of existing conditions on an organizations’ ability to identify emerging risks. “This shortcoming is influenced by any number of factors,” said Chambers. “But whatever the cause, this is something CAEs must consider when developing annual audit plans that allocate resources to identifying and monitoring emerging risks.”

The survey results also suggest the talent shortage in the profession is growing, perhaps exacerbating a shortfall in identifying and understanding emerging risks, IIA says. More than half of respondents said competition for qualified internal auditors is contributing to a gap in crucial skills, such as IT and data analytics. Four in 10 respondents put a high priority on attracting and retaining talent.