Cyber Risk Decreases, but Majority of Organizations Anticipate Successful Attacks

According to a recent study conducted by Trend Micro, a global cybersecurity company, cyber-risk levels have shifted from "elevated" to "moderate" for the first time. However, the study highlights that insider threats continue to pose a persistent danger to organizations worldwide. For the first time in the history of these surveys, the global cyber-risk index has not only shown improvement but has entered positive territory at +0.01. This suggests that organizations may be taking steps to enhance their cyber-preparedness. Nevertheless, there is still considerable work to be done, as employees remain a significant source of risk. The first crucial step towards managing this risk is to attain comprehensive and continuous visibility and control over the attack surface.

 

The Cyber Risk Index (CRI) indicates an improved level of cyber-preparedness in Europe and the Asia-Pacific (APAC) region, while experiencing a slight decline in North and Latin America over the past six months. Meanwhile, threats decreased in all regions except Europe.

 

Notably, the APAC (with a focus on India)/ASEAN region achieved the highest Cyber Preparedness Index with a score of 5.47 for the first half of 2023, following a score of 5.33 in the second half of 2022, surpassing other global regions.

 

Despite these improvements, most organizations remain pessimistic about their prospects in the upcoming year. The CRI reveals that a majority of respondents expressed that a breach of customer data (70%), intellectual property (69%), or a successful cyber-attack (78%) was "somewhat to very likely" to occur. These figures only represent slight declines of 1%, 2%, and 7% respectively compared to the previous report.

 

According to the CRI 2H 2022 survey in the APAC region, the top four threats identified by respondents were:

 

 

In the same survey, the APAC respondents identified employees as representing three out of their top five infrastructure risks:

 

As the transition to hybrid working gains momentum, organizations rightly express concerns about the risks posed by negligent employees and the infrastructure supporting remote workers. To mitigate these risks, organizations need to focus on technological solutions as well as people and processes.

 

The survey results reveal the following key areas of concern regarding cyber-preparedness for businesses globally:

 

People: "My organization's senior leadership does not view security as a competitive advantage."

 

Process: "My organization's IT security function lacks the capability to deploy countermeasures, such as honeypots, to gather intelligence about attackers."

 

Technology: "My organization's IT security function lacks the capability to determine the physical location of critical data assets and applications."

 

The Ponemon Institute compiled the semi-annual Cyber Risk Index based on interviews with 3729 organizations worldwide. The index employs a numerical scale ranging from -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber-preparedness.