#Privacy: Cyber risk index increased in 2019, study reveals

data breach

Trend Micro Incorporated a specialist in cybersecurity solutions, today released the results of its latest Cyber Risk Index (CRI) study.

The results show businesses remain at an elevated risk of cyber attack due to organizations’ increased concerns over disruption or damages to critical infrastructure. The CRI increased compared to the survey conducted in 2H 2018, mainly due to a perceived increased risk in the threats targeting them, and is now at its highest since the index began.

Trend Micro commissioned Ponemon Institute to survey more than 1000 organizations in the U.S. to assess business risk based on the difference between their current security posture and their perceived likelihood of attack.

“Organizations continue to invest in cutting-edge technologies to combat the growing risk of cyber threats to their data and infrastructure, but our latest CRI survey shows there’s still room to better prepare against attacks,” said Jon Clay, director of global threat communications for Trend Micro.

“By using the CRI to take a risk management approach to security, organizations can be more strategic in their investments, and work to encourage the C-level to elevate cybersecurity to the top of their priority list.”

Highlights from the 2019 CRI results include:

  • 65% have experienced one or more breaches of customer data and 62% have lost sensitive intellectual property over the last 12 months
  • 78% predict that, in the next year, they will lose customer records and 77% predict they will lose information assets
  • 73% said they experienced infiltration of their networks and/or enterprise systems over the past year
  • 81% believe an attack is likely in the next 12 months

“The Cyber Risk Index is a strong tool for CISOs to use when assessing their security posture in this ever-changing landscape,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.

“Building on the benchmarks established in the 2018 survey, IT security leaders can easily distil the multitude of infrastructure and threat changes in a meaningful way.”

Overall, respondents rated disruption or damage to critical infrastructure as the top consequence of such attacks, while phishing and social engineering were highlighted as the number one threat for organizations. The report also identifies specific areas in which organizations lack risk mitigation. Adequate controls are still lacking in data and infrastructure security, and in many cases, IT security architecture is neither agile nor scalable enough.

Regarding risk mitigation, IT security functions reported that they support security in the DevOps environment.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/