An estimated 80% of US businesses expect to be hit by a critical security breach at some point in the coming year, according to new research from Trend Micro.
The security giant polled over 1000 IT security professionals to compile a new Cyber Risk Index (CRI), designed to help CISOs better identify and prioritize threats.
The CRI measures business risk based on the difference between organizations’ current security posture and their likelihood of attack.
Sensitive R&D data, trade secrets, customer accounts and other confidential information were claimed to be at greatest risk. Respondents also said that securely implementing mobile, cloud and IoT systems and detecting zero-day attacks were big concerns.
Larry Ponemon, founder of the Ponemon Institute, which carried out the research, explained that the CRI would be run twice a year to capture benchmarks from the various interviews with IT and cybersecurity leaders.
“Over time, these benchmarks can be used to pinpoint trends that will help CISOs proactively manage risks within the ever-changing cybersecurity ecosystem,” he added.
The first report claimed that skills shortages, IT complexity and a lack of security connectivity, scalability and agility were at the root of cyber-risk.
Trend Micro recommended several steps to help mitigate cyber-threats, starting with identifying critical data and then building controls appropriate to the organization's risk appetite. It also suggested trying to minimize the complexity of IT infrastructure, investing in new and existing talent, and updating existing security platforms to detect advanced threats and protect digital platforms.
The headline findings of the report have been borne out by multiple reports of breaches already this year. So far, organizations as diverse as aerospace giant Airbus, home improvement site Houzz, photography network 500px and restaurant chain Huddle House have been caught out, with potentially millions of customers affected.
A report from DLA Piper last week claimed that over 59,000 reports of breaches have already been filed with GDPR regulators in Europe.