
Hot topics for technology and digital risk 2025

An internal audit viewpoint

Welcome to the 14th edition of Deloitte’s technology and digital risk hot topics for internal audit.

The report offers insights into the UK technology risk landscape, derived from our survey, as completed by Heads of Information Technology (IT), Heads of Internal Audit, and business leaders across all sectors.

In today's increasingly interconnected world, advancements in digital technology can present unparalleled opportunities for growth and innovation. These advancements can unlock new organisational capabilities, and simultaneously expand the scope and complexity of the technology and digital landscape for technology teams. However, this evolution also exposes organisations to a new frontier of risks that are more complex and fast evolving than ever before.

This report delves into the critical role that internal audit can play in helping technology functions, CIOs and businesses navigate this challenging landscape. We explore how a robust internal audit function can provide assurance, offer advice, and help organisations proactively mitigate risks.

Through insightful analysis and practical recommendations, this report serves as a guide for audit professionals, as well as technology and business leaders seeking to enhance their understanding of:

  • The evolving digital risk landscape and its implications.
  • What internal audit can do to effectively address emerging digital risks.
  • How to build a collaborative and robust risk management culture across the organisation.
  • Best practices for leveraging data analytics and technology to strengthen audit procedures and provide deeper insights.
  • How to embrace a proactive and agile approach to risk management and audit, so that organisations confidently harness the power of digital transformation while safeguarding their assets, reputation, and long-term success.

Some of the key focus areas for organisations will be:

Cybersecurity remains a top concern due to the increasing reliance on digital systems and the constantly evolving threat of cyber-attacks. Organisations face the risk of disruption, reputational damage, and financial losses from breaches, making robust security crucial. The demand for cybersecurity skills outstrips supply, while new regulations like the SEC's cyber disclosure rules and the NCSC's Cyber Assessment Framework add further complexity.

Financial firms face a ticking clock on resilience. With the PRA's SS1/21 deadline looming, full implementation is critical, but firms must also plan for the long haul. Meanwhile, DORA's January 2025 deadline adds another layer of urgency for organisations with EU market exposure. Resilience is no longer a choice, it's an imperative. Non-FS organisations are increasingly leaning into best practice arising from these regulations to build their resilience posture.

Artificial intelligence (AI) continues to climb the hot topic ranks. It's transforming internal audit processes, but also creating new risks for organisations through AI-powered attacks. Navigating the regulatory and ethical complexities of responsible AI use is a key challenge for businesses.

Technology strategy and governance are back in the spotlight. A strong IT governance framework is crucial for navigating today's risk landscape, yet many organisations struggle with implementation and lack leadership buy-in. This disconnect hinders strategic decision-making and creates unnecessary risk.

The increasing regulatory focus on resilience during transformation is significantly impacting how organisations approach strategic change implementation. Factoring in the upcoming joint Financial Services industry consultation on incident and third-party reporting, and the cyber security and resilience bill, adds complexity to existing change management practices for the wider market. The new landscape necessitates closer collaboration between change functions, risk teams, and internal audit functions, to ensure compliance, gain insights into evolving regulatory requirements, and foster a proactive risk management culture.

Download the report to view the results of this year’s survey as we deep dive into the top 10 priorities for organisations to consider in their 2025 technology internal audit plans.
