Internal Audit Focal Points for 2026 as AI Impacts Conventional Cybersecurity – Tim Lietz – BSW #431
Key emerging risks include cybersecurity (41%) and Generative AI (Gen AI) (35%), both of which present challenges in skill development and retention. The growing reliance on external providers reflects these gaps. In two years, strategic risk has fallen 10% as technological advancements have shifted auditors’ attention away from strategy. So what are the top concerns?
Tim Lietz, National Practice Leader Internal Audit Risk & Compliance at Jefferson Wells, joins Business Security Weekly to discuss the shifting priorities for internal audit leaders, with technology, business transformation and digitization remaining central amid rising economic uncertainty. This reflects the broader economic challenges and uncertainties that organizations are facing in the current environment. Tim will discuss the need for enhanced skills inAI, cybersecurity and digital transformation and why Internal Audit is increasingly seen as a strategic partner in navigating transformation within their organizations.
Segment Resources: - https://www.jeffersonwells.com/en/internal-audit-report-2025
In the leadership and communications segment, Conventional Cybersecurity Won’t Protect Your AI, Will Cybersecurity Budgets Increase in 2026?, To Execute a Unified Strategy, Leaders Need to Shadow Each Other, and more!
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Matt Alderman
- Research: Conventional Cybersecurity Won’t Protect Your AI
As AI embeds itself into every corner of business, most executives continue to underestimate the distinct security risks these systems pose. Legacy defenses, designed for rule-based software, cannot safeguard gen AI systems that learn and adapt from data. By combining survey data, executive interviews, and lab analysis, new research reveals systemic gaps: fragile supply chains, opaque vendor services, and an acute shortage of AI-security talent. The implications are clear. Leaders must move beyond patching applications and instead harden the infrastructure and supply chains on which AI depends, while harnessing AI itself as a front-line defense to ensure resilience.
- Enterprise cybersecurity in 2026: What CISOs and security leaders expect
The era of “prevent everything” is over.
In 2026, cybersecurity experts predict the sector will no longer be a technical problem to be contained, but a business risk to be managed. Breaches are inevitable, supply chains are porous and identity — human and machine — has become the defining attack surface.
- Will Cybersecurity Budgets Increase in 2026?
Cybersecurity budgets have undergone multiple cycles of expansion and contraction over the last decade. After slow but steady increases for several years, the COVID-19 pandemic led to a boom in spending as work shifted to cloud-based systems and remote locations, making data and systems more vulnerable to attackers.
Then, with inflation, economic uncertainty and a growing focus on artificial intelligence (AI) in the last three years, cybersecurity budgets tightened, leading to less entry-level work for many cyber and tech professionals, while critical positions remained open.
Now, new research finds the tide might turn again in 2026, with CISOs and other cyber executives ready to work with bigger budgets and increased spending. In a survey of 300 C-suite and senior security leaders, services and consulting firm KPMG found that 98 percent of their respondents confirmed they received budget increases over the previous 12 months heading into the new year.
- How CIOs can brace for AI-fueled cyberthreats
Executives are carefully tracking the rise in AI use for cyberthreats, bolstering basic preparedness tactics and increasing cyber spend in response.
- To Execute a Unified Strategy, Leaders Need to Shadow Each Other
A one-company approach, characterized by an integrated strategy, aligned organizational structures, and common firm-wide practices, is essential to ensure a consistent client experience, especially during strategic transformations. Capturing the full value of operating as one company is elusive—but for the organizations that succeed, the rewards are transformative. Achieving success requires superior internal collaboration and mutual commitment toward ambitious strategic goals. How do you design for organizational collaboration? How do you scale with speed, especially if you’re a large organization? The solution is employee shadowing, which enables employees to develop a common understanding and build company-wide connections.
- The New Weak Link in Compliance Isn’t Code – It’s Communication
Cybersecurity has never been only a technical problem, but the balance of what truly makes an organization secure has shifted dramatically. For years, the industry assumed the greatest dangers lived in code — in vulnerable servers, old libraries, unpatched systems, and brittle authentication flows. Enterprises poured money and time into shoring up these weaknesses with secure frameworks, DevSecOps hardened applications and strengthened network controls. Many organizations now sit on the most resilient technical foundations they’ve ever had.
