Purpose This study aims to investigate how the internal audit function helps boost an organisation’s cybersecurity quality. The authors focus on the key roles played by the chief audit executive (CAE) competencies in terms of their IT expertise, qualifications and tenure, their interaction with the audit committee (AC), the organisation’s IT governance structure and the role of internal audit (IA) in overseeing cybersecurity. Design/methodology/approach Data were collected via a survey questionnaire distributed to internal auditors and audit committee members in UK-listed companies, supplemented by relevant archival data where appropriate. Findings Panel regression findings, validated across both CEAs and AC members, reveal that CAE IT expertise, private CAE-AC meetings and robust IT governance significantly improve cybersecurity quality. Crucially, each additional year of IT audit expertise increases perceived cybersecurity quality by approximately 0.30 units, confirming the high value of deep IT audit expertise. Additionally, IA’s role in policy review, regulatory compliance and risk assessment strengthens cyber resilience. Practical implications The findings carry important practical implications for organisations, regulators and society. Strengthening IT competencies within internal audit, fostering private dialogue between CAEs and audit committees and embedding cybersecurity into corporate governance frameworks can significantly improve resilience. Beyond organisational benefits, enhanced cybersecurity audit quality supports consumer protection, safeguards privacy and reinforces public trust in digital infrastructures such as health care, banking and government services, aligning with global standards like the General Data Protection Regulation (GDPR) and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Originality/value The study makes an original contribution to the literature by examining how synergies among the CAE’s IT competencies, interaction with the audit committee, IT governance and internal audit functions shape the quality of cybersecurity audits.