Cyber Risk Index – A Guide for CISOs and IT Security
Trend Micro has partnered with the Ponemon Institute to develop a new Cyber Risk Index (CRI), which is intended to help CISOs and their IT Security teams better understand the current cyber risk compared to similar businesses of their size and industry. The CRI is based on a survey conducted by Ponemon to more than 1,000 IT professionals in the US from small, medium and large businesses and it looks at two aspects: How prepared are organizations to protect their data and systems versus the current threats targeting them. Our plan is to run the CRI every six months to obtain trending data to see if the CRI improves or not over time.
The CRI is based on a -10 to +10 scale with -10 being high risk and +10 being minimal risk. The results show that businesses overall are at an elevated risk of cyber threats with a score of -0.15. We also broke out the results based on company size, which shows that small businesses are at the highest risk at -0.59.
The good news is enterprise businesses responded with a moderate risk index level. When we break out the results by industry, for those industries where we had enough responses for a good statistical average they all showed elevated risk levels with the highest risk associated with services, public sector, retail, health & pharmaceutical industries.
Let’s look at some of the more interesting results from the survey based on all respondents.
Cyber Attacks Will Likely Occur
|
|
The above results show that our respondents are not confident that they can thwart an attack, and believe some of their most valuable data will be exfiltrated.
Critical Data is at Risk
The top four things at highest risk of loss or theft are (in order of highest risk):
|
|
The good news is our respondents recognize that their most valuable data is at risk, as these four data types could significantly affect the businesses existence if stolen.
Challenges within Organizations
The following represent challenges within organizations that add additional risk. Respondents reported that they don’t believe their business is sufficient in these areas.
|
|
When you look at these top risks, many appear to show a lack of confidence in the organization’s security controls to detect and block attackers as well as challenges dealing with new technologies being introduces and a security architecture that isn’t well coordinated.
Top Threats
When we asked what the top threats against them we see the top two targeting their employees:
|
|
There are many more results we can share and I’ll do so in further blogs to help you better understand all of the insights we’ve obtained from this project. We also look forward to seeing the next round to see if organizations feel they’ve improved their capabilities or if they think the threats targeting them have gotten easier or harder to defend against. I’ll leave you with a few of the ways we think organizations can improve their capabilities in protecting against these threats:
|
|
Check out more details of the Cyber Risk Index as well as taking a shortened version of the survey yourself to see how you stack up against your peers on our CRI webpage.
Read More HERE