Over Three-Quarters of Global Organizations Think They’ll Be Breached in 2022


Trend Micro Incorporated, a global cybersecurity leader, today announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, standing at -0.04, which is an elevated risk level with North America being at -0.01. Respondents revealed that 76% of global organizations think they’ll be successfully attacked in the next 12 months, with 25% claiming this is “very likely” to happen, and an even higher percentage (34%) among North American organizations.

“To craft effective cybersecurity strategy, organizations must master the art of risk management. This is where reports like the CRI can be a great resource in highlighting areas of possible concern,” said Jon Clay, Trend Micro VP-Threat Intelligence. “As remote working and digital infrastructure threats persist, organizations should adopt a platform-based approach to optimize security whilst minimizing their security sprawl.”

The semi-yearly CRI report asks pointed questions to measure the gap between respondents’ preparedness of attack and their likelihood of being attacked*.

In this report, 84% claimed to have suffered one or more successful cyber-attacks in the past 12 months, with over a third (35%) saying they’d experienced seven or more.

Threats they’re most concerned about globally are ransomware, phishing/social engineering, and denial of service (DoS)—and the negative consequences of a breach are stolen or damaged equipment, cost of outside consultants/experts, and customer turnover.

When it comes to IT infrastructure, organizations are most worried about mobile/remote employees, cloud computing (with a “high risk” score of 7.75 / 10 for North America), and 3rd party applications. USA organizations put the cloud computing risk score at 9.87 / 10.

This highlights the ongoing challenge many organizations have around securing the digital investments they made during the pandemic. Such investments were necessary to support remote working, drive business efficiencies and agility, and understand the corporate attack surface.

“Organizations are facing demanding security challenges every day, from software vulnerabilities, data breaches, to ransomware attacks and more,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organizations improve security readiness and serving as a guidance in strategic planning.”

The highest levels of risk were around the following statements:

  • My organization’s IT security function supports security in the DevOps environment
  • My organization’s IT security leader (CISO) has sufficient authority and resources to achieve a strong security posture
  • My organization’s IT security function strictly enforces acts of non-compliance to security policies, standard operating procedures, and external requirements

This clearly indicates that more resources must be diverted to people, processes, and technology globally to enhance preparedness and reduce overall risk levels.

To view the full report, CRI 2022, please visit: www.trendmicro.com/cyberrisk  

* An index value is calculated from this information based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. In this report, the USA CRI stood at -0.18 versus -0.01 for North America and -0.04 for global, indicating a higher level of risk. This was driven by a higher cyber threat index figure in the US.