Cyber-Risk Declines But 69% of Canadian Organizations Predict Successful Attacks in Coming Year
May 04, 2023

Trend Micro's Cyber Risk Index finds preparedness is slowly improving

Read the French release here.

TORONTO, May 4, 2023 Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2022. According to the results, the overall global cyber-risk levels have improved from "elevated" to "moderate" for the first time. While North America and Canada still stand at an elevated risk level, Canada received a score of -0.03, which shows an improvement compared to the first half of the year (-0.30).

Results also revealed almost two-thirds (60%) of Canadian organizations still anticipate they’ll be breached in the next 12 months, with almost one-out-of-five (18%) claiming this is “very likely” to happen.

Jon Clay, VP of threat intelligence at Trend Micro: "For the first time since we've been running these surveys, we saw the global cyber-risk index not only improve but move into positive territory at +0.01. Canada has also steadily shown improvement since our last survey, although there is still work to be done. Canadian organizations must continue to take steps to improve their cyber-preparedness so they can stay ahead of the ever-evolving threats, especially since most anticipate a breach within the next year."

Additionally, the CRI found that cyber-preparedness improved in Europe and APAC but declined slightly in Latin and North America over the past six months, with Canada going from a score of 5.31 in the first half of 2022, to a score of 5.18 (staying at a moderate risk).  Moreover, the threat index went from 5.61 in the first half of 2022 to 5.21; a 7.1% decrease in the last six months.

Despite this improvement, most Canadian organizations are still pessimistic about their prospects over the coming year. The CRI found that most respondents in Canada said it was "somewhat to very likely" they'd suffer a breach of customer data (61%) or Information assets (e.g. intellectual property) (60%) or a successful cyber-attack (69%).

These figures represent a decrease of 14%, 19% and 17%, respectively, from the last report.

At a global level, the top four threats listed by respondents in the CRI 2H 2022 remained the same from the previous report:

1) Clickjacking
2) Business Email Compromise (BEC)
3) Ransomware
4) Fileless attacks

"Botnets" replaced "login attacks" in fifth place.

Global respondents also named employees as representing three of their top five infrastructure risks:

1) Negligent insiders
2) Cloud computing infrastructure and providers
3) Mobile/remote employees
4) Shortage of qualified personnel
5) Virtual computing environments (servers, endpoints)

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said: "As the shift to hybrid working gathers momentum, organizations are rightly concerned about the risk posed by negligent employees and the infrastructure used to support remote workers. They will need to focus not only on technology solutions but people and processes to help mitigate these risks."

Based on the global survey results, the greatest areas of concern for businesses related to cyber-preparedness are:

People: "My organization's senior leadership does not view security as a competitive advantage."

Process: "My organization's IT security function doesn't have the ability to unleash countermeasures (such as honeypots) to gain intelligence about the attacker."

Technology: "My organization's IT security function does not have the ability to know the physical location of business-critical data assets and applications."

*The six-monthly Cyber Risk Index was compiled by the Ponemon Institute from interviews with 3729 global organizations. The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber-preparedness.

To read a full copy of the Trend Micro Cyber Risk Index (CRI) 2H 2022*, please visit:

About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.