Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 221

An internal auditor for a pharmaceutical company is planning a cybersecurity audit and conducting a risk assessment.

Which of the following would be considered the most significant cyber threat to the organization?

Answer options

• A. Cybercriminals hacking into the organization's time and expense system to collect employee personal data.
• B. Hackers breaching the organization's network to access research and development reports.
• C. A denial-of-service attack that prevents access to the organization's website.
• D. A hacker accessing the financial information of the company.

Correct answer: D

Explanation

The correct answer is D, as accessing financial information can lead to significant financial loss and damage to the company's reputation. While options A, B, and C represent serious threats, the impact of a breach involving financial data is typically more severe, making it the most significant concern for the organization.