Most firms struggle to assess cyber risk exposure

More than half (54%) of global organisations feel their cyber risk assessments are not sophisticated enough, exposing them to ransomware, phishing, IoT and other threats, according to Trend Micro.

The cybersecurity firm commissioned Sapio Research to interview 6,297 IT and business decision makers across 29 countries to compile the study.

Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.

Many organisations are struggling with manual approaches to attack surface mapping (28%), and 32% report difficulty working with multiple tech stacks. 

This may explain why only around 40% are able to accurately detail any one of the following based on risk assessments — risk levels for individual assets, attack attempt frequency, attack attempt trends, impact of a breach on any particular area, industry benchmarks, and preventative action plans for specific vulnerabilities.

“We already knew that organizations are concerned about a fast-expanding digital attack surface with limited visibility,” said Bharat Mistry, technical director at Trend Micro. “Now we know that they also need urgent help to discover and manage cyber risk across this environment. 

Mistry said that in many cases, the challenge is compounded by siloed point solutions. Organisations must search for a single platform that gives them the certainty and security they require.

About one-third of the IT and business decision makers Trend Micro interviewed say that assessing risk is the main area of attack surface management they struggle with. As a result, over 80% feel exposed to ransomware, phishing and IoT attacks.

The inability of organisations to accurately assess attack surface risk also keeps business leaders in the dark. 

Over half of respondents struggle to quantify risk exposure to leadership, and only 3% believe their C-suite fully understands cyber risk at present.

The reports found that there’s a clear opportunity for organisations to leverage third-party expertise.

Two-fifths (39%) of respondents are already invested in a platform-based approach to attack surface management, while half (50%) of respondents say they’d like to do the same. 

Of those who’ve already made the move, improved visibility (38%), faster breach detection (35%) and accelerated response (34%) are the most cited advantages.