Businesses are more prepared for cyberattacks than ever - but they still aren't confident

Supply Chain
(Image credit: / TMLsPhotoG)

When it comes to cybersecurity risk levels, businesses have finally moved the needle into positive territory. However, they still aren’t confident in their defense mechanisms, identifying insiders as a continuous threat. 

This is according to the Cyber Risk Index (CRI), a new research paper published by Trend Micro based on more than 3,000 businesses worldwide. It found that the global cyber-risk index has improved and moved into positive territory at +0.01, meaning that organizations made significant strides to improve their cyber-preparedness. 

“There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control,” said Jon Clay, VP of threat intelligence at Trend Micro. In the last six months, cyber-preparedness improved in Europe and APAC but somewhat dropped in North America and Latin America, the paper claims. Threats fell in every region, except for Europe. 

Lingering pessimism

Despite the positive news, pessimism is still the dominating emotion among businesses as they look to the future. Trend Micro found the majority of businesses saying it was "somewhat to very likely" they will suffer customer data theft (70%), IP theft (69%), or a different type of cyberattack (78%).

All of these are down just 1%, 2%, and 7%, compared to 2022. 

That being said, businesses are most wary of clickjacking, business email compromise, ransomware, fileless attacks, and botnets. Login attacks, which held the number-five spot last year, were pushed out.

As for the biggest infrastructure risks, businesses are most worried about negligent insiders, followed by cloud computing infrastructure and providers risks, mobile and remote employees, talent shortage, and virtual computing environments such as servers and endpoints.

When looking to improve their cyber-preparedness, most businesses would focus on three things, the researchers found: people, processes, and technology. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.