Three quarters of all German companies were victims of cyber attacks in the past year. Trend Micro's Cyber Risk Index indicates an increased risk of cyber attacks worldwide - German companies are better positioned in an international comparison.
Trend Micro publishes new study results, according to which 75 percent of companies in Germany experienced cyber attacks that infiltrated their networks or systems in the past twelve months. The majority (64 percent) of the companies surveyed in Germany expect that such attacks will likely occur again in the next twelve months "somewhat" to "very". The findings come from the latest version of Trend Micro's Cyber Risk Index (CRI). This index is calculated by the independent Ponemon Institute and describes the difference between the current security level of companies and the probability of an attack.
CRI as an indispensable resource for CISOs
"The CRI is fast becoming an indispensable resource for CISOs who want to assess their ability to react to cyber attacks," explains Richard Werner, Business Consultant at Trend Micro. “This year we also looked at companies in Europe and the Asia-Pacific region for the first time in order to provide a real global overview. We want to help companies around the world to reduce complexity, counter insider threats and skills shortages and improve cloud security in order to minimize cyber risk. "
Results worldwide
The CRI is based on a numerical scale from -10 to +10, with -10 being the highest risk level. The current global index is -0,41, which corresponds to an “increased” risk. The USA has the greatest risk worldwide with a value of -1,07, as there cyber defense readiness is perceived as inadequate compared to other regions.
The companies surveyed named the following cyber threats the most frequently worldwide
- Phishing and Social Engineering
- Clickjacking
- Ransomware
- Fileless attacks
- Botnets
- Man-in-the-middle attacks
Respondents are most concerned about the negative consequences of cyber attacks
- Loss of customer data
- Unauthorized access to intellectual property and financial data
- Customer churn
- Stolen or damaged systems and equipment
The most important global security risks within IT infrastructures were named
- Organizational misalignment and complexity
- Negligent employees
- Cloud Computing Infrastructure and Providers
- Lack of qualified personnel
- Malicious insiders
Results for Germany and Europe
The CRI for Germany is 1,02 - this only corresponds to a “moderate” risk. The risk index for Europe is -0,13, which represents an “increased” risk level. Compared to the USA, the overall risk for European companies is lower. The reason for this is that they are better prepared for possible cyberattacks at roughly the same level of threat.
“In an international comparison, German companies are particularly well prepared to deal with cyber attacks and data loss. The strict requirements of the General Data Protection Regulation and the IT Security Act seem to be having an effect: companies have done their homework and invested in better cybersecurity. We attribute this to the fact that IT security has actually become a top priority in many companies, which is reflected in higher strategic priority and larger budgets. This is a very positive development, ”continues Richard Werner. “Unfortunately, the figures also show that the risk of cyber attacks is still high and that attackers regularly manage to break into systems. We therefore advise companies to invest more in solutions to detect and combat attacks that have occurred (detection and response). "
DoS attacks are very much feared
In addition to the most common threats around the world, German companies also fear denial-of-service attacks (DoS), attacks using SSI injection and insider threats from employees.
The CRI was drawn up for the third time for the USA. There it shows a significant increase in cyber risk in 2020. The full report shows this change over time, describes the greatest security challenges for companies worldwide and gives tips on how to minimize security risks.
"The Trend Micro CRI is a useful tool for companies to better understand their cyber risk," said Dr. Larry Ponemon, CEO of the Ponemon Institute. “The expansion to a global survey enables more organizations to use this information. Companies of all sizes and industries worldwide can use the CRI as a guide in order to improve their protection strategy and their level of security. "
About the Study
In October 2020, the Ponemon Institute surveyed 2.795 IT and IT security specialists worldwide, 824 of them in Europe and 129 from Germany. The complete Cyber Risk Index and numerous additional resources are available online.
More about the study at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.