You're talking out of your ass here. Your auditors may be checking various things for a variety of unrelated reasons, but it has nothing to do with SOX.
Read the law. Seriously, it's posted online. You can just go look.
"SOX itself never mentions cybersecurity. However, in 2018, the SEC released a “Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the Guidance).” (https://www.sec.gov/rules/interp/2018/33-10459.pdf) The SEC realized that increased technology use and data breach risk impact corporate financials. In fact, the Guidance lists several financial risks linked to cybersecurity:
Remediation costs
Cybersecurity protection costs
Lost revenue due to customer churn after an attack
Litigation and legal risks, including regulatory fines
Increased insurance premiums
Reputation damage
Damage to competitiveness, stock price, and long-term shareholder value
In order to comply with SOX, public companies need to ensure that they establish appropriate controls and security monitoring programs that mitigate risk.
In 2020, the SEC released new guidance “Cybersecurity and Resiliency Observations” (Resiliency Guidance) (https://www.sec.gov/files/OCIE%20Cybersecurity%20and%20Resil...) through its Office of Compliance Inspections and Examinations (OCIE). This revised guidance offered greater specificity for organizations that need to file public financial reports."
"SOX itself never mentions cybersecurity. However, in 2018, the SEC released a “Commission Statement and Guidance on Public Company Cybersecurity Disclosures (the Guidance).” (https://www.sec.gov/rules/interp/2018/33-10459.pdf) The SEC realized that increased technology use and data breach risk impact corporate financials. In fact, the Guidance lists several financial risks linked to cybersecurity:
Remediation costs Cybersecurity protection costs Lost revenue due to customer churn after an attack Litigation and legal risks, including regulatory fines Increased insurance premiums Reputation damage Damage to competitiveness, stock price, and long-term shareholder value In order to comply with SOX, public companies need to ensure that they establish appropriate controls and security monitoring programs that mitigate risk.
In 2020, the SEC released new guidance “Cybersecurity and Resiliency Observations” (Resiliency Guidance) (https://www.sec.gov/files/OCIE%20Cybersecurity%20and%20Resil...) through its Office of Compliance Inspections and Examinations (OCIE). This revised guidance offered greater specificity for organizations that need to file public financial reports."