Cyber Risk Index (CRI)

Understand your cybersecurity gaps and how to minimize the risk of cyber attacks

A global snapshot of cybersecurity resilience

With the help of the Cyber Risk Index (CRI), you can assess the gaps in your organization’s current security posture and how you compare with your peers. Updated regularly, the CRI was created by Trend Micro Research and Ponemon Institute by surveying organizations across the globe to investigate their level of cyber risk. As before, the latest round includes North America, Europe, Asia-Pacific, and Latin/South America.

Current global Cyber Risk Index score: -0.04,
representing elevated risk

The index is based on a numerical scale of -10 to 10, with -10 indicating the highest level of risk.

Ponemon Institute
Elevated Risk

A lower CRI = higher risk

Findings show that global businesses have a very high chance of being breached

Cyber Risk Index Trends bar chart
Cyber Risk Index Trends line chart

Overall, the CRI trended upward globally due to enhanced cyber preparedness and respondents perceiving the threat landscape as improving. Latin/South America was the only region that saw a lower CRI in comparison with other regions.

Top risk factors across 5 key risk areas

Risk Areas

Cybersecurity challenges revealed

We surveyed 980 North American, 886 European, 875 Asia-Pacific, and 700 Latin/South American IT security professionals from a wide range of industries and company sizes. Here’s what we found since the previous survey.

CRI working on laptop

Still elevated, North American and European risk decreased. Latin/South American CRI increased, remaining elevated while Asia-Pacific is now at “moderate risk.”

The ongoing COVID-19 pandemic was a significant factor with shifts in responses from work from-home/mobile employees, cloud infrastructure, and third-party risks to organizations.

CRI workers pointing to risk

76% of respondents expect a breach in the next 12 months – a 10% decrease, but an indication of critical security gaps. Over one-third of organizations faced 7 or more successful network attacks in the past 12 months – a 10% increase since previous results.

CRI man monitoring attack

The harmful consequences of an attack quickly add up. The respondents named stolen or damaged equipment, customer turnover, reputational damage, and litigation as key concerns. The costs of hiring cybersecurity consultants to address customer data leaks and regulatory measures add to the pressure.

Try the quick CRI calculator

A business with a strong cybersecurity posture can thwart serious threats against data, applications, and IT infrastructure. Use this abbreviated version of our survey for CRI results and recommendations on how to mitigate your cyber risk.

How does your organization fare?

Recover Threats

Assess, protect, detect, respond to, and recover from threats

Deploying a comprehensive enterprise risk management framework, such as NIST’s “Cyber Security Framework”, is a great start. Since every organization is different, CISOs must apply their unique formula of “people + process + technology” to reduce their overall risk.

Schedule a meeting with one of our risk experts to discuss your business' risk level and how Trend Micro One, our unified cybersecurity platform, can help you better understand, communicate, and mitigate cyber risk across your organization.