Trend Micro’s Cyber Risk Index finds preparedness is slowly improving

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a leader in global cybersecurity, declared today that although insiders continue to pose a persistent threat to multinational corporations, cyber-risk levels have improved for the first time from “elevated” to “moderate.”

Visit https://www.trendmicro.com/en_us/security-intelligence/breaking-news/cyber-risk-index to read the Trend Micro Cyber Risk Index (CRI) 2H 2022* in its entirety.

For the first time since we started conducting these surveys, the global cyber-risk index not only improved but also entered the positive range at +0.01, according to Trend Micro’s Jon Clay, VP of threat intelligence. It implies that businesses could be improving their cyber-readiness. There is still much to be done because risks associated with employees still exist. Gaining complete and ongoing visibility and control of the attack surface is the first step in managing this.

The CRI discovered that over the previous six months, cyber-preparedness increased in Europe and APAC but slightly decreased in North and Latin America. Threats decreased simultaneously everywhere except for Europe.

The majority of businesses continue to have dim outlooks for the upcoming year. According to the CRI, the majority of respondents believed it was “somewhat to very likely” that they would experience a breach of customer data (70%) or intellectual property (69%) or a successful cyber-attack (78%).

Just 1%, 2%, and 7%, respectively, of these numbers are down from the previous report.

In the CRI 2H 2022 report, respondents again named the following top four threats as their top concerns:

1. Clickjacking
2. Business Email Compromise (BEC)
3. Ransomware
4. Fileless attacks

“Botnets” replaced “login attacks” in fifth place.

Global respondents also named employees as representing three of their top five infrastructure risks:

1. Negligent insiders
2. Cloud computing infrastructure and providers
3. Mobile/remote employees
4. Shortage of qualified personnel
5. Virtual computing environments (servers, endpoints)

Chairman of the board and founder of the Ponemon Institute, Dr. Larry Ponemon, stated: “As the trend towards hybrid working gains traction, businesses are understandably concerned about the risk posed by careless workers and the infrastructure required to support remote workers. To help reduce these risks, they will need to concentrate on people and processes in addition to technology-based solutions.

According to the findings of the global survey, the following areas of cyber-readiness for businesses are of particular concern:

People: “My organization’s senior leadership does not view security as a competitive advantage.”

Process: “My organization’s IT security function doesn’t have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker.”

Technology: “My organization’s IT security function does not have the ability to know the physical location of business-critical data assets and applications.”

The six-monthly Cyber Risk Index was compiled by the Ponemon Institute from interviews with 3729 global organizations. The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber-preparedness.