This paper intends to bring further clarity regarding the role of the auditor when there is a consideration of a cybersecurity. It seems there is an expectation gap between what the public expects and what the auditor role is, and that cybersecurity testing requires additional skills and efforts. Are auditors currently compensated for the cybersecurity testing? Do they want the scope of the audit to expand to include cybersecurity assessment? Will this lack of clarity impact the corporate governance model that is based on transparency and monitoring? There is limited data available regarding cybersecurity audits and whether such audits lower the threat of cybersecurity. Our analysis suggests that auditors should not have direct responsibility for testing the cybersecurity of a client, rather direct testing should be accomplished by a third party, primarily an auditor specialist. Also, it is time to expect the auditor to become familiar with general cybersecurity skills and standards
