Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, revealed that cyber risk levels in Asia Pacific (APAC) have improved from the first half to the second half of 2022, according to its latest survey on cyber risk.
Nevertheless, organizations remain pessimistic about the threat landscape, with 82% anticipating successful attacks this year.
IMAGE CREDIT: https://www.freepik.com/
The findings come from Trend Micro’s biannual Cyber Risk Index (CRI) [1] report, which measures the gap between respondents’ cybersecurity preparedness versus their likelihood of being attacked. In the second half of 2022, the CRI surveyed more than 3,700 CISOs, IT practitioners, and managers across North America, Europe, Latin/South America, and the Asia Pacific (APAC) region.
In APAC, enhanced cyber preparedness is a key driver of improved cyber risk levels — which have shifted from “elevated” to “moderate”. However, organizations cannot rest on their laurels with the prospect of threats looming.
The threats that APAC organizations are most worried about this year are as follows:
- Three in four organizations cited that it was “somewhat to very likely” that they would suffer a breach of customer data (74%), intellectual property (74%), or a successful cyberattack (82%).
- These figures represent declines of just 2%, 4%, and 7% respectively, from the results of the CRI in the first half of 2022.
Nilesh Jain, Vice President, Southeast Asia & India, Trend Micro, said, “We’ve seen a drastic improvement in the APAC cyber risk index since the first half of 2022, with figures moving into positive territory at 0.05 from negative levels. This is a promising result as it means that organizations have greatly stepped up to improve their cyber preparedness. It is crucial for organizations to continue this momentum by focusing on the threats that matter most to their business this year. The first step is to gain complete and continuous attack surface visibility and control.”
“To address new complexities arising from an expanding attack surface, security teams need to bolster their capabilities in proactive attack surface risk management. On top of architecture improvements for enhanced interoperability, scalability, and agility, having a unified cybersecurity platform with extended detection and response (XDR) capabilities is also critical in enhancing security teams’ visibility and response to cyber threats across internal and external systems, accounts, and devices. This would give organizations a leg-up in understanding, communicating, and mitigating expected risks,” he added.
The Philippines’ cyber risk declines
Although the Philippines continues to experience “elevated” risk levels, there has been some improvement since the first half of 2022, with cyber risk declining and preparedness improving.
| Table 1: Cyber Risk in APAC & Philippines | |||
| Time frame | Cyber Risk Index & Risk Label | Business Implications (Elevated Risk) | |
| APAC | Philippines | ||
| First half of 2022 | -0.11 Elevated risk | -0.21 Elevated risk | High likelihood of a compromise. Some ability to detect new threats. Low visibility of threats within the network. Lack of an incident response process |
| Second half of 2022 | 0.05 Moderate risk | -0.06 Elevated risk | |
However, local organizations remain strongly on guard with over 80% of organizations citing that they are “somewhat to very likely” to experience a breach in customer data (82%), intellectual property (82%), or a successful cyberattack (87%) in the next 12 months.
Expected cyber threats in the Philippines & APAC this year
Organizations in the Philippines and APAC cited ransomware, business email compromise, and botnets among the top five cyber threats that they expect to experience this year.
| Table 2: Top 5 Expected Cyber Threats | |
| APAC | Philippines |
| Business Email Compromise (BEC) Ransomware Clickjacking Botnets Crypto-mining | Ransomware Business Email Compromise (BEC) Botnets Watering Hole Attacks Denial of Service (DoS) |
Current infrastructure security risks of organizations in the Philippines & APAC
In APAC and the Philippines, the primary infrastructure risks cited are people-related. Respondents in the Philippines and across the region named employees/personnel as representing three of their top five infrastructure risks.
| Table 3: Top 5 Current Security Risks in Infrastructure | |
| APAC | Philippines |
| Negligent insiders Cloud computing infrastructure and providers Shortage of qualified personnel Mobile/remote employees Organisational misalignment and complexity | Negligent insiders Shortage of qualified personnel Cloud computing infrastructure and providers Organisational misalignment and complexity Mobile or remote employees |
Ian Felipe, Country Manager, Trend Micro Philippines: “Hybrid work has become the norm in the Philippines—Trend Micro’s recent Risky Rewards study revealed that 78% of Filipino businesses believe that offering the ability to work from anywhere has become vital in the war for talent.
At the same time, 62% believe there is a strong connection between cybersecurity and overall business risk. Local organizations thus need to master a balancing act between offering employees flexibility and minimizing both the security and business risks that arise. Armed with the insights provided by the CRI, CISOs, and CIOs in the Philippines can now better evaluate not only the technology solutions but its people and processes to help mitigate cyber risks across the enterprise.”
To read a full copy of the Trend Micro CRI 2H 2022, please visit: https://www.trendmicro.com/en_us/security-intelligence/breaking-news/cyber-risk-index
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fuelled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.
Appendix
About Trend Micro’s CRI 2H 2022:
The six-monthly Cyber Risk Index was compiled by the Ponemon Institute from interviews with 3729 global organizations. The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. It is calculated by subtracting the score for cyber threats from the score for cyber preparedness.
Markets examined in APAC include Australia, Hong Kong SAR, India, New Zealand, Japan, Taiwan, Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.
Trend Micro’s CRI Ratings:
| Cyber Risk Index Levels | Risk Label | Business Implications |
| +5.01 to +10.00 | Low Risk | Minimal likelihood of a compromise. High ability to detect new threats. Very good visibility of threats within network. Very good incident response process |
| 0.00 to +5.00 | Moderate Risk | Minimal likelihood of a compromise. High ability to detect new threats. Very good visibility of threats within the network. Very good incident response process |
| -5.00 to 0.00 | Elevated Risk | High likelihood of a compromise. Some ability to detect new threats. Low visibility of threats within the network. Lack of an incident response process |
| -10.00 to -5.01 | High Risk | Very high likelihood of a compromise. Very low ability to detect new threats. Very low visibility of threats within the network. Very poor or no incident response process. |
[1] Please see the Appendix for an explanation of the CRI and its ratings