Cyber risk grew significantly in 2020, according to a new survey published by cloud security leader, Trend Micro.
Its Cyber Risk Index reveals 18 per cent of APAC organisations suffered seven or more attacks infiltrating their networks or systems over the past year, and the majority (81 per cent) suffered one or more attacks. More than two-thirds (76 per cent) of surveyed organisations in APAC expect that such attacks are “somewhat” to “very” likely to be successful in the coming 12 months.
The Index is calculated by the Ponemon Institute by measuring the gap between organisations’ current security posture and their likelihood of being attacked.
It is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.41, representing “elevated” risk. Although risk is lowest in APAC (-0.02) due to perceived greater cyber preparedness, all organisations show an elevated risk as all regions exhibit approximately the same level of risk.
“The Cyber Risk Index [CRI] is fast becoming an indispensable resource for CISOs looking to assess their readiness to respond to cyber attacks,” Trend Micro vice-president, Asia-Pacific, Middle East, and Africa, Dhanya Thakkar, says.
“This year we’ve added data from Europe and APAC to provide a truly global insight. It will help organisations find better ways to cut through complexity, mitigate insider threats and skills shortages, and enhance Cloud security to minimise cyber risk and drive post-pandemic success.”
Responding organisations in APAC claimed their top cyber threat risks are:
- Man-in-the-middle attack
- Phishing and social engineering
Across APAC, organisations’ key concerns are:
- Customer turnover
- Stolen or damaged equipment
- Lost intellectual property (including trade secrets)
- Disruption or damages to critical infrastructure
- Productivity decline
“Trend Micro’s CRI is a useful tool for companies to better understand their cyber risk,” Ponemon Institute CEO, Dr Larry Ponemon, says. “Expanding this to be a global resource in 2020 opens the door for more organisations to leverage this useful information. Businesses of all sizes and industries across the globe can use the CRI to improve their protection strategy and better prepare their cybersecurity posture in the year to come.”
There were differences between certain regions, as well. In the US respondents were unique in listing the cost of outside consultants as a top negative consequence of attack, while in APAC damage to critical infrastructure concerned organisations.
The top APAC security risks within IT infrastructure were:
- Organisational misalignment and complexity
- Cloud computing infrastructure and providers
- Shortage of qualified personnel
- Negligent insiders
- Malicious insiders
This is the third CRI study and shows a significant increase in cyber risk in 2020.