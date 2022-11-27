The assessment, detection, prevention, and response to cyber threats today is a crucial factor for organisations across industries. 32 percent of global organisations have had customer records compromised multiple times over the past year as they struggle to profile and defend an expanding attack surface. Trend Micro and Ponemon Institute conducted research among IT managers across Asia-Pacific, Europe, Latin/South America, and North America. These findings were used to create a comprehensive index to assess an organisation’s cyber risk maturity level. All four regions showed an elevated risk level indicating that companies worldwide are struggling to deal with today’s cyberattacks.

Here are the key findings from the report.

The most influential risk factors in 2022



The types and intensities of risk factors are increasing by the day. The risk level shot up from -0.04 to -0.15 from the previous survey. This means respondents feel more risk associated with preparing for cyberattacks as well as a higher risk of the current threats targeting them.

Top data types at risk:

Human resource (employee) files

Business communication (email)

Financial information

Attorney-client privileged information

Trade secrets

Data Risks: Organisations are not well prepared to deal with data breaches and cybersecurity exploits. Additionally, the survey noted that organisations’ enabling security technologies aren’t sufficient to protect data assets and IT infrastructure.

Operation Risks: Operational liabilities are a big factor contributing to cyber risks as well. They are not actively involved in threat sharing with other companies and the government. Many companies’ IT security function doesn’t have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker.

Human Capital Risks: Unfortunately, a considerable amount of organisations and their senior leadership don’t view security as a competitive advantage. The survey revealed that many companies’ CEO and Board of Directors are not actively involved in overseeing the IT security function.

Infrastructure Risks: The IT security function in organisations also lacks the ability to know the physical location of business-critical data assets and applications. This raises immense concerns for the knowledge of the storage of data. It was also observed that the IT security objectives in organisations are not aligned with their business objectives.

Here are some other insights that the report gathered at large.

Top negative consequences of cyberattacks:

Cost of outside consultants and experts

Disruption or damages to critical infrastructure

Productivity decline

Customer turnover

Lost intellectual property (including trade secrets) / Reputation or brand damage

Top security risks within IT infrastructure:

Mobile/remote employees

Cloud computing infrastructure and providers

IoT devices and applications

Data centres

Negligent insiders

Cyber risks:

Business Email Compromise (BEC)

Clickjacking

Fileless attack

Ransomware

Login attacks (Credential Theft)

Breakdown of the Cyber Risk Index



The divide between an organisation’s current security posture and their likelihood of being attacked is known as the Cyber Risk Index. It measures the difference between the Cyber Preparedness Index and the Cyber Threat Index. The Cyber Preparedness Index is at a moderate risk for all regions with Europe being at the highest risk level. Overall, all organisations are at an elevated cyber risk. All organisations show an elevated risk associated with the Cyber Threat Index, with all regions exhibiting approximately the same level of risk, but North America has the highest risk level.

In Asia Pacific, specifically, the top five most prominent and common cyber threats respectively are business email compromise (BEC), phishing and social engineering, clickjacking, fileless attack, and denial of service (DoS).

The likelihood of a successful cyber attack is also a growing concern amidst organisations. Across the four regions, respondents are concerned they will be successfully attacked in the next year. 89 percent in Asia-Pacific, 86 percent in North America and 85 percent in Europe, and 82 percent in Latin/South America responded as somewhat to very likely to be compromised in the next year.

Key findings of the report also reveal that 7 out of 10 surveyed say a breach of critical data is likely in the next year, and a lack of preparedness to deal with an attack, organisations should rethink their current security strategy. In addition to this, 8 out of 10 say they are likely to be breached in the next year, and as such, organisations need to build improved breach detection capabilities. The top four data types at risk cited by respondents are critical to a business’ operations and livelihood.

The Cyber Risk Index continues to provide a fascinating overview of how organisations perceive their security posture and the likelihood of being attacked, globally. The stakes couldn’t be higher in the face of stiff macroeconomic headwinds.