Four in every five (80%) of global organisations believe that they are likely to experience a data breach that impacts customer data in the next 12 months, according to Trend Micro’s latest biannual Cyber Risk Index (CRI) report.
Conducted in the first half of 2021, the survey covered more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk.
“To lower cyber risk, organisations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms,” said Tony Lee, Trend Micro’s head of consulting in Hong Kong and Macau.
Respondents ranked the top three negative consequences of an attack as customer churn, lost intellectual property, and critical infrastructure damage/disruption.
Findings also showed that 86% said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months, compared to 83% last time.
Also, 24% suffered at least seven cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
Further, 21% (19% previously) had at least seven breaches of information assets while 20% (17% previously) said they’d suffered at least seven breaches of customer data over the past year.
Among the top two infrastructure risks was cloud computing. Global organisations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.
The top cyber risks highlighted in the report were man-in-the-middle attacks; ransomware; phishing and social engineering; fileless attack and; botnets.
The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organisations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.