The lack of ability to detect zero-day attacks is among the top 5 risk factors for organizations according to the latest Cyber Risk Index (CRI) by cybersecurity solutions firm Trend Micro.
Trend Micro commissioned Ponemon Institute to survey more than 1,000 organizations in the United States to assess business risk based on the difference between their current security posture and their perceived likelihood of an attack. The CRI is a comprehensive measure of the gap between an organization’s current security posture and its likelihood of being attacked.
The current survey shows an increase in risk, particularly with respect to attacks targeting organizations.
“The Cyber Risk Index is a strong tool for CISOs to use when assessing their security posture in this ever-changing landscape,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Building on the benchmarks established in the 2018 survey, IT security leaders can easily distill the multitude of infrastructure and threat changes in a meaningful way.”
Trend Micro’s CRI also found that 65% of businesses surveyed have experienced one or more breaches of customer data and 62% have lost sensitive intellectual property over the last 12 months. A significant 73% said they experienced an infiltration of networks and/or enterprise systems over the past year.
Others have somewhat accepted that data breaches are the new normal: 78% predict that, in the next year, they will lose customer records, and 77% predict they will lose information assets. Whether they are prepared or not, 81% believe an attack is likely in the next 12 months.
“Organizations continue to invest in cutting-edge technologies to combat the growing risk of cyber threats to their data and infrastructure, but our latest CRI survey shows there’s still room to better prepare against attacks,” said Jon Clay, director of global threat communications for Trend Micro, in its media release published on the firm’s site. “By using the CRI to take a risk management approach to security, organizations can be more strategic in their investments, and work to encourage the C-level to elevate cybersecurity to the top of their priority list.”
Respondents are fully aware of the fact that disruption or damage to critical infrastructure is the top consequence of attacks, while phishing and social engineering were highlighted as the No. 1 threat for organizations. The report also identifies specific areas in which organizations lack risk mitigation. Adequate controls are still lacking in data and infrastructure security, and in many cases, IT security architecture is neither agile nor scalable enough.