Curb Your Cyber Risk

Cyber risk is at an all-time high. Do you know where your weaknesses lie?

April 15, 2020

Cyberattacks are showing no signs of abating, becoming more advanced and stealthier in order to evade the security controls you have in place. With threats constantly knocking at your door, it's crucial for companies to focus on assessing, detecting, preventing, and responding to the threats.

To do this effectively, you need a strategic and informed security strategy that provides you the ability to decrease your risk and increase your awareness of where you could do better in preparing against attacks. Dive into our Cyber Risk Index (CRI) study to see where your security strategy may have room for improvement and how to fill in the gaps.

With a focus on better understanding the risks faced by global organizations, Trend Micro, in conjunction with Ponemon Institute, recently conducted the 2nd edition of the Cyber Risk Index (CRI). This comprehensive index aims to measure an organization’s readiness to respond to different kinds of cyberattacks. And not so shockingly, it showed that businesses remain at an elevated risk of cyberattack due to their increased concerns over disruption or damages to critical infrastructure. The CRI increased over the 2018 edition of the index, mainly due to a perceived increased risk in the threats targeting organizations.

“Organizations continue to invest in cutting-edge technologies to combat the growing risk of cyber threats to their data and infrastructure, but our latest CRI survey shows there’s still room to better prepare against attacks,” said Jon Clay, director of global threat communications for Trend Micro.

Utilizing an interactive tool, you can assess your security posture in this ever-changing landscape and compare yourself to the overall results. In 2019, the top security concerns that should be kept top of mind include the fact that:

  • 65% have experienced one or more breaches of customer data and 62% have lost sensitive intellectual property over the last 12 months
  • 78% predict that, in the next year, they will lose customer records and 77% predict they will lose information assets
  • 73% said they experienced infiltration of their networks and/or enterprise systems over the past year
  • 81% believe an attack is likely in the next 12 months


Overall, respondents rated disruption or damage to critical infrastructure as the top consequence of such attacks, while phishing and other forms of social engineering were highlighted as the number one threat for organizations. The report also highlights four data types that you need to pay particularly close attention to, as they face the highest risk: R&D information, financial information, confidential information, and customer accounts.

With so much to do and limited time and resources to do it, you need to approach your security strategy in a strategic and efficient manner. Taking the current threat landscape into consideration, our findings show that businesses can greatly minimize their risks by implementing these security best practices:

  1. Identifying and building security around critical data by focusing on risk management and the threats that could target this data.
  2. Minimizing infrastructure complexity and improving alignment across the whole security stack.
  3. Getting senior leadership to view security as a competitive advantage.
  4. Improving the ability to protect the business environment, including properly securing BYOD, IoT and industrial IoT devices, and cloud infrastructure.
  5. Investing in both new talent and existing security personnel to help them keep up with the rapidly evolving threat landscape, as well as improve retention.
  6. Reviewing existing security solutions and comparing them with the latest technologies that can detect advanced threats like ransomware and botnets.
  7. Improving IT security architectures with high interoperability, scalability, and agility.


As Jon Clay explains, “By using the CRI to take a risk management approach to security, organizations can be more strategic in their investments, and work to encourage the C-level executives to elevate cybersecurity to the top of their priority list.” Utilizing the best practices above and absorbing all of knowledge provided in the CRI, you can evolve your cybersecurity strategy to fit with the current landscape and mitigate risk for your organization. If you want to dive in even deeper, visit https://www.trendmicro.com/en_us/security-intelligence/breaking-news/cyber-risk-index.html