Cyber Risk Index (CRI)

Trend Micro and the Ponemon Institute investigate cybersecurity gaps

Investigating cyber risk

Trend Micro Research created the Cyber Risk Index (CRI) in tandem with the Ponemon Institute to investigate cyber risks and identify key areas for improving cybersecurity. Refreshed regularly, the CRI measures the gap between an organization's current security posture and its likelihood of being attacked. As before, this latest round provides a global view of organizations across North America, Europe, Asia-Pacific, and Latin/South America. 


Current global Cyber Risk Index score: +0.01
A lower CRI = higher risk

The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk.

CRI Gauge

Key findings reveal the need for a better security strategy

CRI Trends
CRI Trends

Overall, the global CRI improved, reaching a positive score for the first time driven by enhanced cyber preparedness and a better threat landscape in 2H’2022. North and Latin/South America remained negative, while Europe and Asia-Pacific shifted to positive.


Top risk factors globally indicated by the survey’s respondents

Cybersecurity challenges

We surveyed 1,143 North American, 736 European, 1,136 Asia-Pacific, and 713 Latin/South American IT security professionals from a wide range of industries and company sizes. Here’s what we found.

Lock and key icon

Global CRI and regional scores improved, with Europe and Asia-Pacific running positive and North and Latin/South American in the negative. Challenges persist across the risk spectrum of People, Process, and Technology (PPT) for each organization.  

Reports icon

A total of 78% respondents worldwide anticipate a successful cyberattack within 12 months, down 7% from the last survey, but revealing a crucial detection gap. One-third (33%) experienced 7 or more successful attacks against their networks in the past 12 months.

Stealing data icon

The primary adverse effects of cyberattacks include damage to critical infrastructure, reduced productivity, external consultant costs, regulatory actions or lawsuits, and reputational harm. And ransomware attacks often lead to disruption and productivity loss.

How does your organization fare?

A business with a strong cybersecurity posture can assess, protect, detect, respond to, and recover from serious threats against data, applications, and IT infrastructure. This abbreviated version of our survey determines your own CRI results along with recommendations on mitigating your cyber risk.

Assess, protect, detect, respond to, and recover from threats

Deploying a comprehensive enterprise risk management framework, such as NIST’s “Cyber Security Framework”, is a great start. CISOs must apply their unique formula of “people + process + technology” to reduce overall risk.

At Trend, we’re committed to addressing your challenges. Our unified cybersecurity platform, Trend One, delivers a trusted extended detection and response (XDR) threat center to strengthen your organization’s visibility and response to cyberattacks. And our new Trend Vision One™ delivers risk insights to help you quantitatively assess your risk across devices, accounts, and more.

Stealing info thumbnail