Cybersecurity vulnerabilities and the rapid rise of generative AI (GenAI) have become the two most critical risks identified by internal auditors for 2025, according to a new report from Jefferson Wells. The findings reflect growing anxiety among organisations as they confront sophisticated cyberattacks, expanding regulatory scrutiny and escalating concerns around the unchecked use of AI tools within corporate environments.
The survey highlights that internal auditors are now prioritising cyber resilience more aggressively than in previous years, owing to a surge in ransomware, supply-chain attacks and identity-based breaches. Many organisations continue to struggle with legacy systems, inadequate monitoring and skill shortages—factors that heighten vulnerability. Auditors also flagged increasing board-level expectations for continuous cyber assurance rather than periodic assessments, putting further pressure on risk and audit teams.
GenAI adoption is emerging as an equally significant threat, driven by the widespread use of AI tools for decision-making, customer engagement and content creation. Internal auditors warn that ungoverned GenAI usage can expose companies to data leakage, compliance failures, ethical lapses and model-drift issues. The report notes that while companies see AI as a competitive advantage, many lack formal governance mechanisms, audit trails or clarity on how models generate outputs—raising concerns around explainability and control.
Talent shortages also feature prominently, with organisations facing difficulty in hiring and retaining skilled cybersecurity and AI-governance professionals. This shortage, combined with rising regulatory expectations globally, is pushing companies to invest in automated controls, continuous assurance platforms and cross-functional risk programs. Internal auditors stress that businesses must strengthen governance frameworks, enhance training and embed AI-specific controls if they are to manage emerging risks effectively.
As cyber threats intensify and GenAI adoption accelerates, internal audit functions are evolving into strategic partners for boards, helping organisations rethink risk frameworks and build resilience in an increasingly digital landscape.
For more structured learning, please visit our website Smart Online Course, where we offer multiple courses to help you deepen your understanding of risk management.