Survey shows organizations are at an elevated risk of attack
80% of global organizations report they are likely to experience a data breach that impacts customer data in the next 12 months, according to Trend Micro’s survey.
The findings come from Trend Micro's biannual Cyber Risk Index (CRI) report, which measures the gap between respondents' cybersecurity preparedness versus their likelihood of being attacked. In the first half of 2021 the CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an "elevated" risk.
"Once again we've found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges," said Jon Clay, vice president of threat intelligence for Trend Micro. "To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms."
Organizations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.
Key findings from the report include:
- 86% said it was somewhat to very likely that they'd suffer serious cyber-attacks in the next 12 months, compared to 83% last time
- 24% suffered 7+ cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
- 21% had 7+ breaches of information assets, versus 19% in the previous report.
- 20% of respondents said they'd suffered 7+ breaches of customer data over the past year, up from 17% in the last report.
"Trend Micro's CRI continues to be a helpful tool to help companies better understand their cyber risk," said Dr. Larry Ponemon, CEO for the Ponemon Institute. "Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries."
Among the top two infrastructure risks was cloud computing. Global organizations gave it a 6.77, ranking it as an elevated risk on the index's 10-point scale. Many respondents admitted they spend "considerable resources" managing third party risks like cloud providers.
The top cyber risks highlighted in the report were as follows:
- Man-in-the-middle attacks
- Phishing and social engineering
- Fileless attack
The top security risks to infrastructure remain the same as last year, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers. In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organizations globally.
The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.