Organisations are facing unprecedented challenges; rapid technological advancements, particularly the ultra-rapid acceleration of Artificial Intelligence (AI), create a volatile digital risk landscape, exacerbated by increasing system interconnectedness, evolving regulations, and ongoing global uncertainty and geopolitical disruption.

Deloitte's 15th annual technology and digital risk hot topics report for internal audit arrives at a critical juncture, highlighting key technological shifts driving increased risk for internal audit teams to consider in their 2025-26 plans.

Key risks shaping the future

The rapid evolution of technology is fundamentally altering the risk landscape for organisations. This year's report focuses on the convergence of several critical factors demanding a proactive and strategic approach from internal audit functions. Strong IT governance, resilience, and effective third-party risk management are key to mitigating risk and capitalising on opportunities. Recent high-profile cyber incidents underscore the urgency of these foundational elements. 

Our report explores how internal audit can effectively integrate innovation and established principles for a future-proof risk management strategy. It also tries to look beyond the immediate concerns and raise a discussion on emerging technology topics. By highlighting these future challenges, we hope to equip internal audit functions - as well as CIO and IT Risk functions - with the foresight needed to proactively address risks and ensure the long-term sustainability and success of their organisations.

Some key highlights:

• The rise of generative AI (GenAI): Integrating AI has introduced new complexities  and risks around data security, bias, explainability and acceptable usage; these, coupled with an evolving regulatory landscape (e.g., The EU AI Act), create novel risks requiring adaptive risk management strategies.
• Expanding cloud environments: Data sovereignty and national security concerns leads to a more fragmented cloud landscape, with the regionalisation of the cloud market and risks around service disruption, vendor lock-in, and difficulties ensuring data compliance across multiple jurisdictions. Environmental, social, and governance (ESG) factors are also gaining significant traction in cloud strategies.
• Global supply chain vulnerabilities: The complex and interconnected global supply chains, coupled with unpredictable geopolitical shifts, have amplified the vulnerability of organisations reliant on third-party services. Cyberattacks, data breaches, and compliance failures in third-party ecosystems are frequent occurrences, significantly impacting businesses. The lack of reliable, accurate information from third and fourth parties further exacerbates the issues.
• Sophisticated cyber-attacks: Attackers are leveraging AI for automated phishing campaigns, sophisticated malware development, and the rapid identification of vulnerabilities. This demands a shift towards AI-driven security solutions for detection and response. Robust security measures, including multi-factor authentication, endpoint detection and response (EDR), data loss prevention, and comprehensive security awareness training, are vital.