As organisations face ever-increasing cyber-security threats, one estimate suggests that cybercrime could cost businesses over US$2 trillion by 2019, nearly four times the estimated 2015 expense. Although increased spending on technology tools may help to address cyber risks more effectively, internal auditors are advocating a holistic approach that includes policies, response planning and board involvement to develop a broader view of an organization’s cyber risks and defences. Nickson Choo, former Governor of IIA Malaysia explains how auditors are now part of the cyber war army.