Wong Edan's
Cover
Cybersecurity

The 43 Percent Illusion: Audit Analytics 2022 Cyber Report Unpacked

March 19, 2026 • By Azzar Budiyanto

Welcome to the Digital Asylum: A Wong Edan Foreword

Greetings, you beautiful, data-obsessed maniacs! Pull up a chair, grab a strong coffee (or something stronger, I don’t judge), and welcome to the digital madhouse. You’re here because you want the truth, and the truth is often crazier than a squirrel on an espresso binge. I’ve been digging through the 2022 Cybersecurity Report from Audit Analytics, and let me tell you—if you thought corporate transparency was a real thing, you’re more ‘edan’ than I am. We live in an era where ransomware is spreading faster than gossip in a small village, yet companies are playing hide-and-seek with their SEC filings. Sit tight, because we are about to dive deep into the technical abyss of the 2022 audit landscape.

1. The Disclosure Gap: The 43% Reality Check

Let’s start with a number that should make any CISO sweat: 43%. According to the Audit Analytics report released in April 2022, less than half of cybersecurity breaches were disclosed in an SEC filing. Out of a sample of 188 cybersecurity breaches analyzed, the majority stayed in the shadows. Why? Because disclosure is painful, it’s messy, and it makes the shareholders scream. But here’s the technical kicker: the variation in how these incidents were reported was staggering.

When we look at the data, we see a massive disconnect between an actual breach and the formal reporting of that breach. Audit Analytics highlighted that while the planning and performing phases of a cybersecurity audit are often strong, the actual reporting phase—communicating that risk to the public or regulators—is where the system breaks down. It’s like building a high-tech security fence but forgetting to tell anyone that the gate has been wide open for six months.

“The numbers don’t lie, but the silence between the lines of an SEC filing speaks volumes. We’re seeing a ‘disclosure lag’ that makes a 56k modem look like fiber optics.” — Wong Edan

The SEC Final Rule Context

While we are looking back at the 2022 data, we have to acknowledge the ripple effect. By 2025, the SEC finalized rules to close these gaps, but in 2022, it was the Wild West. Companies were making subjective calls on ‘materiality.’ If a breach didn’t seem ‘material’ to the bottom line immediately, it often didn’t make the 10-K or 8-K cut. This created a massive data vacuum for auditors and investors alike.

2. The Ransomware Surge: A 44% Upward Spiral

In 2022, ransomware didn’t just grow; it exploded. The Audit Analytics report noted a 44% increase in ransomware attacks. This isn’t just a ‘script kiddie’ in a basement anymore; this is industrialized cybercrime. Technically speaking, the sophistication of these attacks targeted core transactional data, forcing companies into a corner.

The 2022 report highlights that ransomware isn’t just about locking files; it’s about the exfiltration of sensitive data to leverage against the victim. From an audit perspective, this creates a ‘going concern’ risk. If your data is encrypted and your backups are compromised, can your business even continue to operate? The audit analytics suggest that many firms were unprepared for the sheer volume of these attacks.


// Theoretical Log Analysis for Ransomware Identification
IF (file_entropy > threshold) AND (extension_change == TRUE) {
INITIATE_LOCKDOWN_PROTOCOL();
ALERT_AUDIT_COMMITTEE("Ransomware activity detected - Potential SEC Disclosure Trigger");
}

The 44% increase indicates that the perimeter defenses of 2021 were no longer sufficient. The attackers moved toward ‘Living off the Land’ (LotL) techniques, using legitimate administrative tools to bypass traditional antivirus software, making the auditor’s job of identifying these breaches through transactional data much harder.

3. Internal Controls and SOX 404: The Eighteen-Year Review

On August 2, 2022, Audit Analytics released a massive report titled “SOX 404 Disclosures: An Eighteen-Year Review.” This wasn’t just a history lesson; it was a wake-up call for internal controls over financial reporting (ICFR). For those of you who aren’t audit nerds, SOX 404 is the part of the Sarbanes-Oxley Act that requires management and auditors to report on the adequacy of internal controls.

The technical overlap between cybersecurity and SOX 404 became undeniable in 2022. If a cyber breach can alter financial data, it is a material weakness in internal controls. The report tracked how these disclosures have evolved over nearly two decades. In the early days, ICFR was about physical ledgers and basic passwords. In 2022, it’s about cloud configurations, API security, and multi-factor authentication (MFA).

  • Material Weaknesses: The 2022 review showed that cybersecurity-related issues are increasingly cited as the root cause of internal control failures.
  • Restatement Risks: The May 2022 Financial Restatements report showed a direct correlation between weak cyber controls and the need to restate previous financial years.
  • Audit Firm Pressure: Accounting firms are now being forced to employ specialized cyber-audit teams to verify the ‘quality data’ that Audit Analytics makes accessible.

4. Continuous Auditing: The Denver Model and Beyond

While the private sector was struggling with disclosures, the public sector was experimenting with some cool tech. The City and County of Denver’s audit reports from 2022 highlighted the use of continuous auditing and audit analytics programs. This is where the real technical fun begins.

Instead of a ‘once-a-year’ checkup, continuous auditing involves repeatedly performing analyses of transactional data. This allows auditors to identify high-risk areas in real-time. If the transactional data shows an anomaly—say, a series of unauthorized payments or a strange shift in vendor data—the analytics engine flags it immediately.

Transactional Data Analysis Framework

To implement the Denver model, an organization needs to feed its ERP (Enterprise Resource Planning) data into an analytics engine. In 2022, this became a primary strategy for identifying ‘high-risk areas.’ The goal is to move from reactive auditing to proactive risk management.


SELECT transaction_id, user_id, timestamp, amount
FROM financial_records
WHERE amount > (SELECT AVG(amount) * 3 FROM financial_records)
AND location_ip NOT IN (SELECT trusted_ip FROM network_config);
-- Potential identification of compromised credentials or internal fraud.

This type of granular analysis is what Audit Analytics specializes in—providing unique data that makes decision-making easier for accounting firms and internal audit committees.

5. The Oregon Perspective: Cybersecurity Controls Audit

The Oregon Secretary of State released Report 2022-20 in July 2022, focusing specifically on cybersecurity controls. This report emphasized that cyberattacks are no longer just ‘IT problems’—they are ‘governance problems.’ The audit found that both private and public sectors share a common vulnerability: the ‘planning vs. execution’ gap.

The Oregon audit highlighted that while organizations might have a policy on paper, the actual technical implementation of cybersecurity controls—like patch management and network segmentation—was often lagging. This mirrors the findings from ScienceDirect, which noted that while planning and performing phases of an audit are positively correlated, they are less strongly related to the actual reporting of cyber risk management effectiveness.

Basically, everyone is good at making a plan, but when the ‘edan’ hits the fan, the reporting of how well that plan worked (or didn’t) becomes incredibly murky.

6. Transparency Barometer: The Audit Committee’s Role

The CAQ (Center for Audit Quality) and its Audit Committee Transparency Barometer provide another layer of insight for 2022. Audit committees are the gatekeepers. According to the 2025 ACPR (looking back at 2022 trends), audit committees identified cybersecurity as a top priority, yet the transparency in their reports varied wildly.

In 2022, the ‘Barometer’ showed that while more audit committees were discussing cyber risk, the level of detail provided to investors was still superficial. We’re talking about ‘boilerplate’ language. “We take security seriously,” they say, while the Audit Analytics data shows that 57% of breaches are still effectively ‘unfiled’ in the official SEC sense.

Why Transparency Matters (Technically)

Transparency isn’t just for ‘feel-good’ vibes. From a technical audit standpoint, transparency allows for:

  • Benchmarking: Comparing a firm’s breach response to its peers.
  • Risk Assessment: Helping investors understand the ‘cyber-hygiene’ of a company.
  • Market Stability: Reducing the ‘shock’ of a sudden, delayed disclosure that wipes out market value.

7. The Ideagen Analysis: A Decline in Breaches?

Interestingly, an Ideagen report from late 2023 (analyzing 2011-2022 trends) suggested a ‘huge decline’ in certain types of breach disclosures. This sounds like good news, right? Wrong. If you’re a ‘Wong Edan’ like me, you know that a decline in disclosures does not mean a decline in attacks.

Given that the Audit Analytics data showed a 44% increase in ransomware, the decline in disclosures suggests that companies are either getting better at hiding, or the ‘breach time’ (the time from discovery to disclosure) is getting longer and more convoluted. The Ideagen analysis on cybersecurity breach time showed that it can take months, if not years, for the full technical impact of a breach to be documented in an SEC filing.

This creates a ‘technical debt’ in auditing. If a breach occurred in 2022 but isn’t disclosed until 2024, the financial statements for those intervening years are technically based on incomplete risk profiles.

8. Technical Deep Dive: Audit Analytics Data Structures

How does Audit Analytics actually track this stuff? They don’t just guess; they use specialized data harvesting from thousands of filings. For an accounting firm, this data is gold. It allows them to see the ‘Audit Fees’ vs. ‘Cybersecurity Risk’ correlation.

In 2022, the quality of data became the primary differentiator. Audit Analytics provides data points on:

  • Cybersecurity Incidents: Date of occurrence vs. date of disclosure.
  • SOX 404 Internal Control Filings: Specifically looking for phrases like ‘unauthorized access’ or ‘data integrity.’
  • Financial Restatements: Linking the restatement back to a specific IT failure.

Without this structured data, an auditor is just a person in a suit guessing in the dark. Audit Analytics turns that darkness into a heatmap of corporate risk.

Wong Edan’s Verdict: The Madness of 2022

Alright, sedulur, here is the bottom line. The 2022 Cybersecurity Report from Audit Analytics proves one thing: we are living in a state of ‘Functional Insanity.’ Ransomware is up by 44%, yet less than half of the victims are being honest with the SEC. We have the tools—continuous auditing, transactional analytics, SOX 404 reviews—but we lack the transparency to make them truly effective.

If you are a CISO, an auditor, or just a tech geek, you need to realize that ‘quality data’ is your only weapon. Companies that hide behind the 43% disclosure wall are just building a house of cards. Eventually, the ‘edan’ logic of the market will catch up with them. The 2022 data is a warning: the gap between the breach and the filing is where the ghosts live. And let me tell you, those ghosts have expensive taste in ransoms.

Stay sharp, stay transparent, and for the love of all things digital, patch your systems. Don’t be a statistic in the next Audit Analytics report. Unless you want me to write a sarcastic article about your company’s failure, which I will do with great joy. Until next time, stay crazy!