APAC cyber risk declines, but firms predict successful attacks ahead

Cyber risk levels in Asia Pacific (APAC) have improved from the first half to the second half of 2022, according to Trend Micro’s latest survey on cyber risk. 

Nevertheless, organisations remain pessimistic about the threat landscape, with 82% anticipating successful attacks this year.

The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. 

In the second half of 2022, the CRI surveyed more than 3,700 CISOs, IT practitioners, and managers across North America, Europe, South America, and Asia Pacific.

In APAC, enhanced cyber preparedness is a key driver of improved cyber risk levels—which has shifted from “elevated” to “moderate”. However, organisations cannot rest on their laurels with the prospect of threats looming.

On threats that APAC organisations are most worried about, three in four respondents cited that it was “somewhat to very likely” that they would suffer a breach of customer data (74%), intellectual property (74%) or a successful cyberattack (82%).

These figures represent declines of just 2%, 4% and 7% respectively, from the results of the CRI in the first half of 2022.

“We’ve seen a drastic improvement in the APAC cyber risk index since the first half of 2022, with figures moving into positive territory at 0.05 from negative levels,” said Nilesh Jain, Trend Micro VP in Southeast Asia and India.

“This is a promising result as it means that organisations have greatly stepped up to improve their cyber preparedness,” said Jain. “It is crucial for organisations to continue this momentum by focusing on the threats that matter most to their business this year. The first step is to gain complete and continuous attack surface visibility and control.”

He said that to address new complexities arising from an expanding attack surface, security teams need to bolster their capabilities in proactive attack surface risk management. 

On top of architecture improvements for enhanced interoperability, scalability and agility, having a unified cybersecurity platform with extended detection and response (XDR) capabilities is also critical in enhancing security teams’ visibility and response to cyberthreats across internal and external systems, accounts and devices. 

This would give organisations a leg-up in understanding, communicating, and mitigating expected risks.

The trend in Singapore echoes that of the region, with a reported decline in cyber risk and improvement in cyber preparedness since the first half of 2022.

However, local organisations remain on guard, with 88% citing it was “somewhat to very likely” that they will experience a successful cyberattack in the next 12 months.

Nevertheless, Singapore organisations are more confident about their abilities to prevent data breaches than before; less than two-thirds believe that they are “somewhat to very likely” to experience a breach of customer data (66%) or intellectual property (53%).

Organisations in Singapore and APAC cited business email compromise (BEC) and clickjacking among the top five cyber threats that they expect to experience this year.

In APAC and Singapore, the current primary risks are people related. APAC respondents named employees as representing three of their top five infrastructure risks. In Singapore, lack of qualified personnel and employees comprised two of their top five infrastructure risks.