From operational/infrastructure risks to data protection, threat activity and human-shaped challenges, cyber risks have spread wildly like the ‘novel’ coronavirus.
In a 2021 (H1) survey of more than 3,600 businesses of all sizes and industries across North America, Europe, the Asia-Pacific region and Latin America, 80% of respondents felt they were likely to experience a data breach that could impact customer data in the next 12 months.
Trend Micro‘s half-yearly Cyber Risk Index (CRI) measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an ‘elevated’ risk.
The key findings are:
- 86% of respondents chose the response that it was “somewhat to very likely” that they would suffer serious cyberattacks in the next 12 months, compared to 83% in the previous year.
- 24% reported suffering seven or more cyberattacks that had infiltrated networks/systems, versus 23% in the previous report in H2 2020.
- 21% of respondents had suffered seven or more breaches of information assets, versus 19% in H2 2020.
- 20% of respondents said they had suffered seven or more breaches of customer data over the past year, up from 17% in the last report.
- The top cyber risks highlighted in the report were: Man-in-the-middle attacks; Ransomware; Phishing and social engineering; Fileless attacks and Botnets.
- Respondents ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.
- The top security risks to infrastructure remain the same as in last year’s respondents, and include organizational misalignment and complexity, as well as cloud computing infrastructure and providers.
- Respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks.
- The main challenges cited for cybersecurity preparedness included: limitations for security leaders that lack the authority and resources to achieve a strong security posture; and organizations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.
- Cloud computing risks were given a ranking of 6.77 by respondents as an elevated risk on the index’s 10-point scale.
Said Tony Lee, Head of Consulting (Hong Kong and Macau), Trend Micro: “To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”