Latest news with #ISACA
Business Wire
7 days ago
- Business
- Business Wire
AI Use Is Outpacing Policy and Governance, ISACA Finds
LONDON--(BUSINESS WIRE)--Nearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work – up ten points in a year – but just under a third of organisations have put formal policies in place, according to new ISACA research. AI use is outpacing policy and governance, ISACA finds. The use of AI is becoming more prevalent within the workplace, and so regulating its use is best practice. Yet not even a third (31%) of organisations have a formal, comprehensive AI policy in place, highlighting a disparity between how often AI is used versus how closely it's regulated in workplaces. Policies work twofold to enhance activity and protect businesses AI is already making a positive impact– for example, over half (56%) of respondents say it has boosted organisational productivity, and 71% report efficiency gains and time savings. Looking ahead, 62% are optimistic that AI will positively impact their organisation in the next year. Yet that same speed and scale make the technology a magnet for bad actors. Almost two-thirds (63%) are extremely or very concerned that generative AI could be turned against them, while 71% expect deepfakes to grow sharper and more widespread in the year ahead. Despite that, only 18% of organisations are putting money into deepfake-detection tools—a significant security gap. This disconnect leaves businesses exposed at a time when AI-powered threats are evolving fast. AI has significant promise, but without clear policies and training to mitigate risks, it becomes a potential liability. Robust, role-specific guidelines are needed to help businesses safely harness AI's potential. 'With the EU AI Act setting new standards for risk management and transparency, organisations need to move quickly from awareness to action,' says Chris Dimitriadis, ISACA's Chief Global Strategy Officer. 'AI threats, from misinformation to deepfakes, are advancing rapidly, yet most organisations have not invested in the tools or training to counter them. Closing this risk-action gap isn't just about compliance – it's critical to safeguarding innovation and maintaining trust in the digital economy.' Education is the way to get the best from AI But policies are only as effective as the people who understand - and can confidently put them into practice. As AI continues to evolve, there is a need to upskill and gain new qualifications - 42% believe that they will need to increase their skills and knowledge in AI within the next six months in order to retain their job or advance their career - an increase of 8% from just last year. Most (89%) recognise that this will be needed within the next two years. For more on the 2025 AI pulse poll, visit For ISACA resources on AI, including free content guides as well as training courses and certifications on AI audit and AI security management, visit Notes to Editors All figures are based on fieldwork conducted by ISACA between 28 March and 14 April 2025, amongst a total of 561 business and IT professionals in Europe. In total, ISACA surveyed more than 3,200 business and IT professionals worldwide. About ISACA ISACA ® ( has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers.
Techday NZ
26-06-2025
- Business
- Techday NZ
Organisations lag in AI policies & skills as workplace use surges
A new survey has found that while artificial intelligence use is widespread in workplaces, most organisations are unprepared to address associated risks due to a lack of formal policies and training. ISACA's annual AI Pulse Poll, which surveyed 3,029 digital trust professionals across the globe, revealed that 81 percent of respondents believe employees at their organisation use AI, regardless of whether it is officially permitted. Despite this high adoption rate, only 28 percent of organisations have a formal AI policy in place. According to the research, 22 percent of organisations provide AI training to all staff. In contrast, almost one third of organisations provide no AI training at all, while 35 percent restrict training to IT-related roles. Most digital trust professionals view this skills gap as pressing, with 89 percent saying they will need AI training within the next two years to retain or advance their careers, and 45 percent indicating it will be required within six months. Jamie Norton, Board Director at ISACA, highlighted that the integration of AI tools at work is outpacing the development of organisational oversight and policy. He pointed to growing risks from sophisticated threats, such as deepfakes, that organisations are not sufficiently prepared to counter. AI is already embedded in daily workflows, but ISACA's poll confirms governance, policy and risk oversight are significantly lacking. A security workforce skilled in AI is absolutely critical to tackling the wide range of risks AI brings, from misinformation and deepfakes to data misuse. AI isn't just a technical tool, it's changing how decisions are made, how data is used and how people interact with information. Leaders must act now to establish the frameworks, safeguards and training needed to support responsible AI use. The survey found that while AI is delivering tangible benefits—68 percent report time savings and 56 percent expect a positive impact on their career in the next year—organisations lag in implementing comprehensive frameworks. Only 28 percent have a formal AI policy, although this figure is up from 15 percent last year. Similarly, 59 percent permit the use of generative AI, up from 42 percent in the previous year. Respondents are employing AI for a variety of functions: 52 percent to create written content, 51 percent to boost productivity, 40 percent to automate repetitive tasks, 38 percent for analysing large data volumes, and 33 percent in customer service roles. Despite these applications, understanding of AI remains limited. Over half (56 percent) consider themselves somewhat familiar with the technology, 28 percent very familiar, and only 6 percent extremely familiar. Concerns about the risks associated with AI are significant. Sixty-one percent report being very or extremely concerned about generative AI being exploited by malicious actors. Fifty-nine percent believe AI-powered phishing and social engineering attacks have become harder to detect, and 66 percent expect deepfake attacks to become more sophisticated within the next year. Despite these risks, only 21 percent of organisations are investing in detection or mitigation tools for deepfakes. Questions also remain around organisations' ability to manage the ethical aspects of AI. Forty-one percent think ethical issues such as privacy, bias, and accountability are being addressed adequately, while just 30 percent express high confidence in their organisations' ability to detect AI-related misinformation. For many organisations, AI risks are still not a top-level priority. Only 42 percent view them as an immediate concern. The top cited risks include misinformation or disinformation (80 percent), privacy violations (69 percent), social engineering (63 percent), loss of intellectual property (53 percent), and job displacement (40 percent). Jason Lau, ISACA Board Director and Chief Information Security Officer at commented on the need for continuous learning and updated AI policies. Enterprises urgently need to foster a culture of continuous learning and prioritise robust AI policies and training in AI, to ensure they are equipping their employees with the necessary expertise to leverage these technologies responsibly and effectively—unlocking the AI's full potential. It is just as important for organisations to make a deliberate shift to integrate AI into their security strategies—threat actors already are doing so, and failing to keep pace will expose organisations to escalating risks. The survey indicates that organisations are recognising the need for more AI skills: nearly a third expect to increase jobs for AI-related functions within the next year. Additionally, 85 percent believe many roles will be modified because of AI, while 84 percent rate their own expertise as beginner or intermediate. Seventy-two percent of respondents say AI skills are very or extremely important for professionals in their field at present. The findings suggest organisations must address the skills gap and integrate AI risk management into their broader security and governance strategies if they are to respond to the challenges of expanding AI adoption in the workplace.
Yahoo
17-06-2025
- Business
- Yahoo
2025 Governance, Risk, and Control Conference from ISACA and The IIA Examines Key Cyber, AI, Emerging Tech Topics
Hybrid event provides key insights for GRC and internal audit professionals NEW YORK, June 17, 2025--(BUSINESS WIRE)--ISACA and The Institute of Internal Auditors (The IIA) will jointly present the 12th annual Governance, Risk, and Control (GRC) Conference on 18-20 August 2025, in New York City, NY, and virtually, focusing on leading topics for GRC and internal audit professionals and featuring global leaders in governance, risk and control. Sessions will explore how GRC principles relate to cybersecurity, data, emerging technologies, and personal career development. Other topics include AI, cloud risk management, auditing blockchain, EU cybersecurity regulations, data mining, resilience and risk culture, and third-party risk management. The GRC Conference 2025 will feature two keynote presentations. Rachel Tobac, CEO of SocialProof Security, will dive into the human element of security. Shelly Palmer, CEO of The Palmer Group, will explore quantum computing and guidance for a quantum future. Two pre-conference workshops are being held in-person on Sunday, 17 August, including "Performing an AI Audit using the ISACA AI Audit Toolkit," with instructor Zachy Olorunojowon, Executive Director, Digital Health Strategic Initiative at BC Ministry of Health, and "Navigating Crisis Scenarios as a GRC Professional - An Interactive Experience" with instructors Shawna Flanders, Director of Data Governance, Enterprise Risk, Compliance, and Business Resilience at The IIA, and Chris Stoneley, CISO at Cathay Bank. Attendees can earn up to 16 hours of continuing professional education (CPE) credits for attending the conference, and an additional 8 CPE credits for attending a pre-conference workshop. Registration for in-person attendance will close on Friday, 15 August. For more information about GRC Conference 2025, visit the event pages at ISACA or The IIA. About ISACA ISACA® ( champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals. About The Institute of Internal Auditors The Institute of Internal Auditors (The IIA) is an international professional association that serves more than 260,000 global members and has awarded more than 200,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit View source version on Contacts Media Contacts: Bridget Drufke, +1.847.660.5554, communications@ Sarah DuBois, +1.952.688.2588, Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
17-06-2025
- Business
- Yahoo
2025 Governance, Risk, and Control Conference from ISACA and The IIA Examines Key Cyber, AI, Emerging Tech Topics
Hybrid event provides key insights for GRC and internal audit professionals NEW YORK, June 17, 2025--(BUSINESS WIRE)--ISACA and The Institute of Internal Auditors (The IIA) will jointly present the 12th annual Governance, Risk, and Control (GRC) Conference on 18-20 August 2025, in New York City, NY, and virtually, focusing on leading topics for GRC and internal audit professionals and featuring global leaders in governance, risk and control. Sessions will explore how GRC principles relate to cybersecurity, data, emerging technologies, and personal career development. Other topics include AI, cloud risk management, auditing blockchain, EU cybersecurity regulations, data mining, resilience and risk culture, and third-party risk management. The GRC Conference 2025 will feature two keynote presentations. Rachel Tobac, CEO of SocialProof Security, will dive into the human element of security. Shelly Palmer, CEO of The Palmer Group, will explore quantum computing and guidance for a quantum future. Two pre-conference workshops are being held in-person on Sunday, 17 August, including "Performing an AI Audit using the ISACA AI Audit Toolkit," with instructor Zachy Olorunojowon, Executive Director, Digital Health Strategic Initiative at BC Ministry of Health, and "Navigating Crisis Scenarios as a GRC Professional - An Interactive Experience" with instructors Shawna Flanders, Director of Data Governance, Enterprise Risk, Compliance, and Business Resilience at The IIA, and Chris Stoneley, CISO at Cathay Bank. Attendees can earn up to 16 hours of continuing professional education (CPE) credits for attending the conference, and an additional 8 CPE credits for attending a pre-conference workshop. Registration for in-person attendance will close on Friday, 15 August. For more information about GRC Conference 2025, visit the event pages at ISACA or The IIA. About ISACA ISACA® ( champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals. About The Institute of Internal Auditors The Institute of Internal Auditors (The IIA) is an international professional association that serves more than 260,000 global members and has awarded more than 200,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit View source version on Contacts Media Contacts: Bridget Drufke, +1.847.660.5554, communications@ Sarah DuBois, +1.952.688.2588, Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Wire
17-06-2025
- Business
- Business Wire
2025 Governance, Risk, and Control Conference from ISACA and The IIA Examines Key Cyber, AI, Emerging Tech Topics
NEW YORK--(BUSINESS WIRE)--ISACA and The Institute of Internal Auditors (The IIA) will jointly present t he 12th annual Governance, Risk, and Control (GRC) Conference on 18-20 August 2025, in New York City, NY, and virtually, focusing on leading topics for GRC and internal audit professionals and featuring global leaders in governance, risk and control. 2025 Governance, Risk, and Control Conference from ISACA and The IIA examines key cyber, AI, emerging tech topics. Sessions will explore how GRC principles relate to cybersecurity, data, emerging technologies, and personal career development. Other topics include AI, cloud risk management, auditing blockchain, EU cybersecurity regulations, data mining, resilience and risk culture, and third-party risk management. The GRC Conference 2025 will feature two keynote presentations. Rachel Tobac, CEO of SocialProof Security, will dive into the human element of security. Shelly Palmer, CEO of The Palmer Group, will explore quantum computing and guidance for a quantum future. Two pre-conference workshops are being held in-person on Sunday, 17 August, including 'Performing an AI Audit using the ISACA AI Audit Toolkit,' with instructor Zachy Olorunojowon, Executive Director, Digital Health Strategic Initiative at BC Ministry of Health, and 'Navigating Crisis Scenarios as a GRC Professional - An Interactive Experience' with instructors Shawna Flanders, Director of Data Governance, Enterprise Risk, Compliance, and Business Resilience at The IIA, and Chris Stoneley, CISO at Cathay Bank. Attendees can earn up to 16 hours of continuing professional education (CPE) credits for attending the conference, and an additional 8 CPE credits for attending a pre-conference workshop. Registration for in-person attendance will close on Friday, 15 August. For more information about GRC Conference 2025, visit the event pages at ISACA or The IIA. About ISACA ISACA ® ( champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members' careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals. About The Institute of Internal Auditors The Institute of Internal Auditors (The IIA) is an international professional association that serves more than 260,000 global members and has awarded more than 200,000 Certified Internal Auditor (CIA) certifications worldwide. Established in 1941, The IIA is recognized throughout the world as the internal audit profession's leader in standards, certifications, education, research, and technical guidance. For more information, visit
