Hong Kong: For global firms, it is not just the business risks that matter but even cyber risks are equally significant for them. While these global organisations are able to estimate the business risks and mitigate them to an extent, that’s not the case with cyber risk exposure.
A new commissioned research from Trend Micro revealed more than half of global firms are struggling to assess cyber risk exposure.
These organisations feel their cyber risk assessments are not sophisticated enough – exposing them to ransomware, phishing, IoT and other threats, according to the research. Respondents also indicated that overly complex tech stacks and lack of awareness from leadership are exacerbating issues.
Many organisations struggle with manual approaches to attack surface mapping (28%), and 32% report difficulty working with multiple tech stacks. This may explain why only around 40% are able to accurately detail any one of the following based on risk assessments:
- Risk levels for individual assets
- Attack attempt frequency
- Attack attempt trends
- Impact of a breach on any particular area
- Industry benchmarks
- Preventative action plans for specific vulnerabilities
“We already knew that organisations are concerned about a fast-expanding digital attack surface with limited visibility. Now we know that they also need urgent help to discover and manage cyber risk across this environment,” said Bharat Mistry, Technical Director – Trend Micro:
“In many cases, the challenge is compounded by siloed point solutions. Organisations must search for a single platform that gives them the certainty and security they require,” added Mistry.
About one-third of the IT and business decision-makers (ITDMs) interviewed during the research say that assessing risk is the main area of attack surface management they struggle with. As a result, over 80% feel exposed to ransomware, phishing and IoT attacks.
The inability of organisations to accurately assess attack surface risk also keeps business leaders in the dark. Over half of respondents struggle to quantify risk exposure to leadership, and only 3% believe their C-suite fully understands cyber risk at present.
There’s a clear opportunity here for organisations to leverage third-party expertise.
Two-fifths (39%) of respondents say they already invested in a platform-based approach to attack surface management. while half (50%) of respondents say they’d like to do the same.
Of those who’ve already made the move, improved visibility (38%), faster breach detection (35%) and accelerated response (34%) are the most cited advantages.
Trend Micro commissioned Sapio Research to interview 6297 IT and business decision makers across 29 countries to compile the study.