Trend Micro’s new survey has calculated 69% of Australian organisations anticipate they are likely to experience a data breach that impacts customer data in the next 12 months.
The CRI is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. The current global index stands at -0.42, a slight increase on last year which indicates an “elevated” risk. Australia’s global index is currently -0.89, indicating a more elevated risk compared to the global figure.
“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Dr. Jon Oliver, Director & Data Scientist, Trend Micro. “To lower cyber risk, organisations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”
Organisations in Asia-Pacific ranked the top three negative consequences of an attack as critical infrastructure damage and disruption, lost IP and cost of outside consultants/experts brought in to help mitigate the damage.
Key Australian findings from the report include:
- 64% said it was somewhat to very likely that they’d suffer serious cyber-attacks in the next 12 months
- 30% suffered 7 or more cyber-attacks that infiltrated networks/systems
- 19% had 7 or more breaches of information assets
- 24% of respondents said they’d suffered 7 or more breaches of customer data over the past year
“Trend Micro’s CRI continues to be a helpful tool to help companies better understand their cyber risk,” said Dr. Larry Ponemon, CEO for the Ponemon Institute. “Businesses globally can use this resource to prioritise their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”
Among the top two infrastructure risks was cloud computing. Many respondents admitted they spend “considerable resources” managing third party risks like cloud providers.
The top cyber risks in Asia-Pacific highlighted in the report were as follows:
- Ransomware
- Watering hole attacks
- Advanced persistent threats (APT)
- Malicious insiders
- Fileless attacks
The top security risks to infrastructure in Asia-Pacific include malicious insiders, as well as well as cloud computing infrastructure and providers and organisational misalignment and complexity.
The main challenges for cybersecurity preparedness include limitations for security leaders who lack the authority and resources to achieve a strong security posture, as well as organisations struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.
The CRI surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America, in the first half of 2021.