Nearly two thirds of internal audit chiefs do not recognise data privacy and IT fraud as a serious threat to their business, according to a survey by consultancy Ernst & Young.

Corporate breaches and data protection regulation were ranked just sixth in audit chiefs' top 10 IT risks for an organisation, while for CIOs it came in at ninth.

Companies are not recognising the serious threat that breaches pose, according to Erol Mustafa, head of IT internal audit services at Ernst & Young.

"Heads of internal audit need to recognise the increased importance of data privacy," he said.

"There is a risk in assuming that data is protected effectively – in reality there are often vulnerabilities in business processes, information security, or the data management lifecycles."

The survey of 60 major businesses also found that 63 per cent of CIOs believed the use of third-party IT service providers would increase in the next 12 months.

Audit heads and CIOs were most concerned about the failure of major programmes and projects and business continuity issues.