
Cyber Risk Index – A Guide for CISOs and IT Security

  • Posted on: February 12, 2019
  • Posted in: Business, Cyber Risk Index (CRI), Security
  • Posted by: Jon Clay (Global Threat Communications)

Trend Micro has partnered with the Ponemon Institute to develop a new Cyber Risk Index (CRI), which is intended to help CISOs and their IT security teams better understand their current cyber risk compared to similar businesses of their size and industry. The CRI is based on a Ponemon survey of more than 1,000 IT professionals in the US from small, medium and large businesses, and it looks at two aspects: how prepared organizations are to protect their data and systems, and the current threats targeting them. Our plan is to run the CRI every six months to obtain trending data and see whether the CRI improves over time.

The CRI is based on a -10 to +10 scale with -10 being high risk and +10 being minimal risk. The results show that businesses overall are at an elevated risk of cyber threats with a score of -0.15. We also broke out the results based on company size, which shows that small businesses are at the highest risk at -0.59.

The good news is that enterprise businesses responded with a moderate risk index level. When we break out the results by industry, the industries where we had enough responses for a good statistical average all showed elevated risk levels, with the highest risk associated with the services, public sector, retail, and health & pharmaceutical industries.

Let’s look at some of the more interesting results from the survey based on all respondents. 

Cyber Attacks Will Likely Occur

  • Likelihood of a data breach of customer data in next 12 months: 77% likelihood
  • Likelihood of a data breach of critical data (IP) in next 12 months: 80% likelihood
  • Likelihood of one or more successful cyber attacks in next 12 months: 80% likelihood

The above results show that our respondents are not confident that they can thwart an attack, and believe some of their most valuable data will be exfiltrated. 

Critical Data is at Risk

The top four things at highest risk of loss or theft are (in order of highest risk):

  • R&D Information
  • Trade Secrets
  • Customer Accounts
  • Company-confidential information

The good news is that our respondents recognize that their most valuable data is at risk, as these four data types could significantly affect the business's existence if stolen.

Challenges within Organizations

The following challenges within organizations add risk. Respondents reported that they don’t believe their business is sufficient in these areas.

  • My organization’s IT security function is involved in determining the acceptable use of disruptive technologies (such as mobile, cloud, social media, IoT devices) in the workplace.
  • My organization’s IT security function is able to detect zero-day attacks.
  • My organization is well prepared to deal with data breaches and cybersecurity exploits.
  • My organization’s IT security architecture has high interoperability, scalability and agility.
  • My organization’s IT security function conducts assessments and/or audits to identify threats, vulnerabilities and attacks.

When you look at these top risks, many appear to show a lack of confidence in the organization’s security controls to detect and block attackers, as well as challenges dealing with new technologies being introduced and a security architecture that isn’t well coordinated.

Top Threats

When we asked about the top threats against them, we see the top two targeting their employees:

  • Phishing & social engineering
  • Clickjacking
  • Ransomware
  • Botnets
  • SQL & code injection

There are many more results we can share and I’ll do so in further blogs to help you better understand all of the insights we’ve obtained from this project. We also look forward to seeing the next round to see if organizations feel they’ve improved their capabilities or if they think the threats targeting them have gotten easier or harder to defend against. I’ll leave you with a few of the ways we think organizations can improve their capabilities in protecting against these threats:

  • Identifying critical data and building security around this data, taking a risk management approach
  • Minimizing the complexity of infrastructure and improving alignment across the security stack
  • Improving the ability to protect mobile devices, information and operational technology devices, and cloud infrastructure
  • Investing in new talent and existing personnel
  • Reviewing existing security solutions with the latest technologies to detect advanced threats like ransomware and botnets
  • Improving IT security architecture with high interoperability, scalability, and agility

Check out more details of the Cyber Risk Index, and take a shortened version of the survey yourself to see how you stack up against your peers, on our CRI webpage.
