Cyber Risk Index (CRI)

Trend Micro and the Ponemon Institute investigate cybersecurity gaps

The Cyber Risk Index (CRI)

We teamed up with the Ponemon Institute to investigate the level of cyber risk across organizations and create a Cyber Risk Index (CRI). Refreshed regularly, the CRI is a comprehensive measure of the gap between an organization's current security posture and its likelihood of being attacked. The latest round added Latin/South America to the other three regions, North America, Europe, and Asia-Pacific to provide a global view of organizations’ risk level.

Current cyber risk index average: -0.42
A lower CRI = higher risk

The index is based on a numerical scale of -10 to 10, with -10 representing the highest level of risk.

Elevated Risk
Elevated Risk

Key findings reveal the need for a better security strategy

Cyber Risk Index 2021

The CRI has been run four times for the USA. Below are the results from each round.

Cyber Risk index - YoY

USA risk YoY chart

Note: The increased CRI in the USA is due to a higher Cyber Preparedness and Cyber Threat Indices, which translates into a higher risk overall.

Five key risk areas

Top risk factors globally indicated by the survey’s respondents

Risk Areas

Cybersecurity challenges

We surveyed 1,145 North American, 885 European, 845 Asia-Pacific, and 802 Latin/South American IT security professionals from a wide range of industries and company sizes. Here’s what we found.

Overall, the North American risk increased from the previous results and was the highest. With Asia-Pacific and Europe being the next highest risk region and Latin/South America having the lowest risk. Three of four regions are at an elevated risk level.

86% of respondents expect to be breached in the next 12 months, exposing a critical gap in breach detection capabilities. Almost 25% have experienced 7 or more successful attacks against their networks in the past 12 months.

The top four data types at highest risk of loss or theft across the world are financial information, business communication (email), consumer data, and analytics (data models). All of which could dramatically affect the health of an organization.

Try the quick CRI calculator

A business with a strong cybersecurity posture can assess, protect, detect, respond to, and recover from serious threats against data, applications, and IT infrastructure.

How does your organization fare?

Recover Threats

Assess, protect, detect, respond to, and recover from threats

Deploying a comprehensive enterprise risk management framework, such as NIST’s Cyber Security Framework, is a great start. Since each organization is different, CISOs must apply their unique formula of: people + process + technology to reduce their overall risk.

At Trend Micro, we are committed to helping organizations address their security challenges through tailored and automated security solutions.