Cyber Risk Index (CRI)

Trend Micro and the Ponemon Institute investigate cybersecurity gaps

The Cyber Risk Index (CRI)

We teamed up with the Ponemon Institute to investigate the level of cyber risk across organizations and create a Cyber Risk Index (CRI). Refreshed regularly, the CRI is a comprehensive measure of the gap between an organization's current security posture and its likelihood of being attacked. The latest round includes European and Asia-Pacific regions to provide a global view of organizations’ risk level.

Current cyber risk index average: - 0.41
A lower CRI = higher risk

The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk.

Elevated Risk
Elevated Risk

Key findings reveal the need for a better security strategy

Cyber Risk Index 2020

The CRI has been run 3 times for the USA. Below are the results from each round.

Cyber Risk index - YoY

USA risk YoY chart

Note: The increased CRI in the USA is due to a higher Cyber Preparedness Index, which translates into a higher risk of combatting threats today than in the past.

5 key risk areas

Top risk factors globally indicated by the survey’s respondents

Risk Areas

Cybersecurity challenges

We surveyed 1,119 USA, 824 European, and 852 Asia-Pacific IT security professionals from a wide range of industries and company sizes, and here’s what we found.

Overall, the USA’s risk increased from the previous results and was the highest. With Europe being the next highest risk region and Asia Pacific having the lowest risk, however, all regions are at an elevated risk level.

83% of respondents expect to be breached in the next 12 months, exposing a critical gap in breach detection capabilities. Almost 25% have experienced 7 or more successful attacks against their networks in the past 12 months.

The top 3 data types at highest risk of loss or theft are financial information, companies’ confidential information, and consumer data, each of which could dramatically affect the health of an organization.

Try the quick CRI calculator

A business with a strong cybersecurity posture can assess, protect, detect, respond to, and recover from serious threats against data, applications, and IT infrastructure.

How does your organization fare?

Recover Threats

Assess, protect, detect, respond to, and recover from threats

Deploying a comprehensive enterprise risk management framework, such as NIST’s Cyber Security Framework, is a great start. Since each organization is different, CISOs must apply their unique formula of people + process + technology to reduce their overall risk.

At Trend Micro, we are committed to helping organizations address their security challenges through tailored and automated security solutions.