According to Trend Micro, most global organizations expect to experience a data breach or cyberattack within the next 12 months, despite cyber risk levels declining overall.
security vendor’s six-month Cyber Risk Index (CRI) was compiled from interviews with 3729 global organizations. The index itself is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. This is calculated by subtracting the Cyber Threat Score from the Cyber Readiness Score.
According to Jon Clay, vice president of threat intelligence at Trend Micro, the Risk Index score of +0.01 in the second half of 2022 marks the first time the index has moved into positive territory.
“This means organizations may be taking steps to improve their cyber preparedness,” he argued. “Employees remain a source of risk, so there is still much work to be done. The first step in managing this is gaining complete and ongoing attack surface visibility and control.”
In fact, while risk scoring is moving in a positive direction, most of the responding organizations are pessimistic about the year ahead.
Most respondents say they are “somewhat or very likely” to suffer a compromise of customer data (70%) or IP (69%), or a successful cyberattack (78%). These numbers are down only 1-7% from our last report.
For more information on cyber risks, see NCSC: Be Prepared for an Elevated Protection Period for Cyber Risks.
Respondents pointed to both inattentive insiders and mobile users, as well as a lack of trained staff, as major sources of concern going forward. Together with cloud infrastructure and virtual computing environments, these make up the top five infrastructure risks.
Larry Ponemon, Founder of the Ponemon Institute, said:
“We need to focus not only on technology solutions, but also on people and processes to mitigate these risks.”
Additionally, business executives were cited as a potential roadblock to better cyber preparedness, with many respondents arguing that they still do not see security as a competitive advantage.
