Hong Kong: 80% of global organisations expect a data breach that impacts customer data in the next 12 months.
The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked.
In the 2021 first half, the CRI surveyed over 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase from last year which indicates an “elevated” risk.
“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Tony Lee, Head of Consulting – Hong Kong and Macau, Trend Micro.
“To lower cyber risk, organisations must be better prepared by going back to basics. Identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms,” added Lee.
Organisations ranked the top three negative consequences of an attack as customer churn, lost IP and critical infrastructure damage/disruption.
Key findings from the report include:
- 86% said it was somewhat to very likely that they’d suffer serious cyberattacks in the next 12 months, compared to 83% last time
- 24% suffered 7+ cyber attacks that infiltrated networks/systems, versus 23% in the previous report.
- 21% had 7+ breaches of information assets, versus 19% in the previous report.
- 20% of respondents said they’d suffered 7+ breaches of customer data over the past year, up from 17% in the last report.
“Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk,” said Dr Larry Ponemon, CEO – Ponemon Institute.
“Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries,” added Dr Ponemon.
Among the top two infrastructure risks was cloud computing. Global organisations gave it a 6.77, ranking it as an elevated risk on the index’s 10-point scale. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.
The top cyber risks highlighted in the report were as follows:
Phishing and social engineering
The top security risks to infrastructure remain the same as last year and include organisational misalignment and complexity, as well as cloud computing infrastructure and providers.
In addition, respondents identified customer turnover, lost intellectual property and disruption or damages to critical infrastructure as key operational risks for organisations globally.
The main challenges for cybersecurity preparedness include limitations for security leaders, who lack the authority and resources to achieve a strong security posture. And as organisations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.