80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year, according to the Cyber Risk Index (CRI), a Trend Micro survey of more than 1,000 IT security professionals in the United States.
The CRI survey was conducted to measure business risk based on the difference between organizations’ current security posture and their likelihood of attack, with the goal of helping CISOs and their teams better assess, protect, detect, respond, and recover from serious cyber threats. The survey will be issued twice a year to observe trends and changes in business cyber risk.
“The overall Cyber Risk Index shows companies are at an elevated risk for cyberattack because critical data, operations, infrastructure and human capital are not well prioritized and protected,” said Jon Clay, director of global threat communications for Trend Micro. “We designed the CRI to help security leaders improve their visibility of cyber risks so they can better prepare against attacks. Additionally, understanding the key areas of risk can enable companies to provide better security while also meeting regulatory requirements.”
Respondents to the survey ranked research and development information, trade secrets, customer accounts, and other confidential information as the highest risk of loss when a breach occurs. This highlights a critical gap between data criticality and the protection measures in place to ensure their safety.
Additionally, the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern to those surveyed, along with detecting zero-day attacks. However, respondents positively reported that their CISOs have enough authority and resources to achieve a strong security posture.
“At its core, the Cyber Risk Index captures benchmarks derived from surveys compiled from IT and IT security practitioners in small, medium, and large companies,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Over time, these benchmarks can be used to pinpoint trends that will help CISOs proactively manage risks within the ever-changing cybersecurity ecosystem.”
A primary cause of these risks was found to be complex, misaligned organizations with a lack of security connectivity, scalability and agility, and too few qualified people to manage security systems.
Trend Micro recommends organizations better prepare themselves against cyber threats by:
- Identifying critical data and building security around this data, taking a risk management approach
- Minimizing the complexity of infrastructure and improving alignment across the security stack
- Improving the ability to protect mobile devices, information and operational technology devices, and cloud infrastructure
- Investing in new talent and existing personnel
- Reviewing existing security solutions with the latest technologies to detect advanced threats like ransomware and socially engineered attacks
- Improving IT security architecture with high interoperability, scalability, and agility
The Cyber Risk Index will be conducted twice a year to see how organizations fare over time amidst a rapidly changing threat landscape and evolving IT security infrastructure.