Deloitte Survey Reveals Cybersecurity as Audit Committees' Top Priority Amid Growing Digital Risks

Key Findings from Deloitte's Audit Committee Practices Report

In a rapidly evolving digital landscape, cybersecurity has emerged as a paramount concern for audit committees, according to the recent 2025 survey conducted by Deloitte in collaboration with the Center for Audit Quality (CAQ). This survey reveals insightful trends and shifting priorities that could shape the way organizations approach risk management in the coming years.

Cybersecurity Tops the List

The survey, which gathered responses from 237 audit committee members primarily of U.S. public companies valued at $2 billion or more, reveals that 93% of respondents regard cybersecurity as one of their top three priorities. More strikingly, half of these respondents characterized it as the leading priority. The consistent emphasis on cybersecurity in the survey's four-year history underscores the growing complexity of digital threats and the urgent need for vigilance in this area.

Vanessa Teitelbaum, Senior Director at CAQ, emphasized, "The stakes have never been higher" for audit committees. The financial, operational, and reputational risks posed by cyber threats dictate that committees must enhance their focus and expertise. About 71% of participants confirmed that cybersecurity is a regular agenda item during quarterly meetings, demonstrating the extent to which this priority is integrated into audit committee activities.

Enterprise Risk Management: A Close Second

Following cybersecurity, enterprise risk management (ERM) has been identified as the second-highest concern among audit committees. The survey participants conveyed a strong recognition of ERM's role in achieving organizational goals and maintaining the integrity of stakeholder relationships. This insight aligns with the increasing complexities in the business environment, where effective risk management is vital for sustaining a competitive edge.

The Rise of AI Governance

An interesting trend noted in the survey is the growing importance of artificial intelligence (AI) governance within audit committee discussions. The response rate acknowledging AI governance as a key area of focus has jumped from 20% to 35% in just one year. As more organizations adopt transformative technologies, AI governance becomes critical to address the associated risks and ethical considerations.

Enhancing Meeting Effectiveness

Despite the challenges posed by shifting priorities, enhancing the effectiveness of audit committee meetings continues to be a topic of discussion. The survey revealed that 69% of participants identified opportunities for improvement in meeting quality and engagement. Notably, 40% advocated for better presentation quality during discussions, indicating this aspect's newfound significance.

Krista Parsons, Managing Director at Deloitte, noted that "the ability to prioritize agendas effectively and engage in open discussions drives overall effectiveness handed to the committees." This reflects a broader acknowledgment of the need for committees to adapt to new risks and maximize their roles in governance.

Conclusion

In light of the survey findings, it is evident that audit committees are navigating a complex landscape filled with various risks to their organizations. Cybersecurity remains a constant concern, with ERM and AI governance climbing in importance. As global threats evolve and organizational needs shift, audit committees must actively transform their strategies to maintain oversight and ensure organizational resilience in an increasingly unpredictable business environment.

Deloitte’s report comes as a call to action for organizations to reassess their risk management frameworks, emphasizing the critical need for proactive strategies that address the challenges of cybersecurity and technological advancement. With an informed and engaged approach, audit committees can effectively navigate the complexities of the modern corporate sphere while safeguarding their stakeholders’ interests.