If the single-digit improvements were real, the respondents of one survey were nevertheless more worried by impending 2023 cyber threats.
From data gleaned from a H2 2022 survey of more than 3,700 CISOs, IT practitioners and managers across North America, Europe, Latin/South America, and the Asia Pacific region, a cybersecurity firm has released some findings for a cyber risk index (CRI) for the past year.
According to the data, cyber risk levels in APAC in the second half of 2022 had improved from that of H1, but respondents remained pessimistic about the threat landscape, with 82% anticipating successful attacks in 2023. The top five expected types of successful attacks were: Business Email Compromise; ransomware, clickjacking, botnets and cryptominers.
For 2023, APAC respondents had the following sentiments:
- Three in four cited feeling they were “somewhat to very likely” to suffer a breach of customer data (74%), intellectual property (74%) or a successful cyberattack (82%): these numbers are lower than the sentiments in a similar survey in H1, by 2%, 4% and 7% respectively.
- Cyber preparedness as a key driver of improved cyber risk levels had shifted from “elevated” to “moderate” in H2.
- The top APAC security risks in infrastructure were identified and ranked in order of severity by respondents as: negligent insiders, cloud computing infrastructure and providers, shortage of qualified personnel, and cloud computing infrastructure and providers.
According to Nilesh Jain, Vice President (Southeast Asia & India), Trend Micro Incorporated, the firm that released the cyber risk index: “We’ve seen a drastic improvement in the APAC cyber risk index since the first half of 2022, with figures moving into positive territory at 0.05 from negative levels. This is a promising result as it means that organizations have greatly stepped up to improve their cyber preparedness. It is crucial to continue this momentum by focusing on the threats that matter most to their businesses this year. The first step is to gain complete and continuous attack surface visibility and control.”