Most global organizations anticipate suffering a data breach or cyber-attack in the next 12 months, despite cyber-risk levels falling overall, according to Trend Micro.
The security vendor’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3729 global organizations. The index itself is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber-threats from the score for cyber-preparedness.
A risk index score of +0.01 for the second half of 2022 is the first time the index has moved into positive territory, according to Jon Clay, VP of threat intelligence at Trend Micro.
“It means that organizations may be taking steps to improve their cyber-preparedness,” he argued. “There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control.”
In fact, despite the positive direction of travel in risk scoring, most responding organizations are pessimistic about the year ahead.
Most said it was “somewhat to very likely” that they’d suffer a breach of customer data (70%) or IP (69%), or a successful cyber-attack (78%). These figures have declined only between 1 and 7% from the previous report.
Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.
“As the shift to hybrid working gathers momentum, organizations are rightly concerned about the risk posed by negligent employees and the infrastructure used to support remote workers,” said Ponemon Institute founder, Larry Ponemon.
“They will need to focus not only on technology solutions but people and processes to help mitigate these risks.”
Additionally, business executives were singled out as a potential roadblock to greater cyber-preparedness, with many respondents claiming they still do not view security as a competitive advantage.