Nearly Three-Quarters of Canadian Organizations Think They’ll Be Breached in 2022: Trend Micro

Trend Micro Incorporated today announced the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021, standing globally at -0.04, which is an elevated risk level with North America being at -0.01. Canada received a score of 0.16, which shows that the country has a moderate cyber risk level in comparison to global and North American (NA) organizations. The research also found that Canada is more prepared than all of North America to handle cyber risk (at a score of 5.41 vs. 5.35 in NA). However, respondents revealed that nearly three-quarters (74%) of Canadian organizations think they’ll be breached in the next 12 months, with 30% claiming this is “very likely” to happen.

Cyber Risk Index Ratings
RangeInterpretation
5.01 to 10Low Risk
0.1 to 5.0Moderate Risk
0 to -5.0Elevated Risk
-5.01 to -10High Risk
Cyber Preparedness Index Ratings 
RangeInterpretation
7.51 to 10Low Risk
5.01 to 7.50Moderate Risk
2.51 to 5.0Elevated Risk
0 to 2.5High Risk

The biannual CRI report asks pointed questions to measure the gap between respondents’ preparedness for attacks and their likelihood of being attacked*. In Canada, 83% of organizations claimed to have suffered one or more successful cyber-attacks in the past 12 months, with 32% saying they’d experienced seven or more.

Ransomware, phishing/social engineering, denial of service (DoS) and botnets top the list of key concerns, with negative consequences of a breach including stolen or damaged equipment, lost revenues and costs of outside consultants/experts.

When it comes to IT infrastructure, Canadian organizations are most worried about security risks in relation to mobile/remote employees (score of 7.55/10), third-party applications (score of 7.25/10), and mobile/ smart phone devices (6.55/10). 

While digital investments were necessary to support remote working and drive business efficiencies during the pandemic, this report brings to light the increasing corporate attach surface and ongoing challenges business face securing such investments.

In Canada, the highest levels of risk were around the following statements:

  • My organization’s IT security function strictly enforces acts of non-compliance to security policies, standard operating procedures, and external requirements 
  • My organization’s IT security function supports security in the DevOps environment
  • My organization makes appropriate investments in leading-edged security technologies such as machine learning, automation, orchestration, analytics and/or artificial intelligence tools. 
  • My organization’s IT security function complies with data protection and privacy requirements.
  • My organization’s IT security leader (CISO) has sufficient authority and resources to achieve a strong security posture.

This clearly indicates that more resources must be diverted to people, processes, and technology to enhance preparedness and reduce overall risk levels.

As organizations and security teams struggle to manage the increasing complexity introduced by digital transformation, data privacy, compliance, and more, the need for a platform-based approach will be critical.

An index value is calculated from this information based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. In this report, the Canada CRI stood at 0.16 versus -0.01 for North America and -0.04 for global, indicating a moderate level of risk.  

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: