Nearly a quarter (23%) of global organizations suffered seven or more attacks that infiltrated their networks over the past year, and a majority believe it will happen in the coming 12 months, according to Trend Micro.
The security giant commissioned the Ponemon Institute to calculate its biannual Cyber Risk Index (CRI), which measures the gap between responding organizations’ current security posture and their likelihood of being attacked.
This edition features information from Europe and APAC for the first time to offer a global perspective.
Some 83% of respondents claimed that the chances of attacks gaining a foothold inside networks or IT systems over the next year are “somewhat” or “very” likely.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.41, representing “elevated” risk, although it is highest globally in the US (-1.07) due to a perceived lack of cyber-preparedness versus other regions.
Responding organizations claimed their top cyber-risks globally are: phishing and social engineering, clickjacking, ransomware, fileless attacks, botnets and man-in-the-middle attacks. They’re most concerned about loss of customer data, IP and financial information, customer churn, and stolen or damaged equipment.
However, there were differences between certain countries. US respondents were unique in also listing the cost of outside consultants as a top negative consequence of attack, while in APAC, damage to critical infrastructure concerned organizations.
The top security risks within IT infrastructure highlighted by respondents were: organizational complexity and misalignment, negligent insiders, cloud infrastructure and providers, skills shortages and malicious insiders.
Trend Micro’s global threat communications director, Jon Clay, described the CRI as a useful resource for organizations keen to better understand their risk postures.
“It will help organizations across the world find better ways to cut through complexity, mitigate insider threats and skills shortages, and enhance cloud security to minimize cyber-risk and drive post-pandemic success,” he argued.