On April 18, Trend Micro Incorporated, a global cybersecurity leader, released the findings of its latest global Cyber Risk Index (CRI) for the second half of 2021. They’ve found that the global risk assessment stands at -0.04, an elevated risk level. Meanwhile, North America is found to be at -0.01. Canada ranked in with a score of 0.16, showing that the country has a moderate cyber risk level in comparison to global and North American (NA) organizations. Additionally, the research showed that Canada is more prepared than all of North America to handle cyber risk (at a score of 5.41 vs. 5.35 in NA). Despite the favourable finding, respondents revealed that nearly three-quarters (74%) of Canadian organizations think they run the risk of security breached within the next 12 months, with 30% claiming this is “very likely” to happen.
Cyber Risk Index Ratings
RANGE | INTERPRETATION |
5.01 to 10 | Low Risk |
0.1 to 5.0 | Moderate Risk |
0 to -5.0 | Elevated Risk |
-5.01 to -10 | High Risk |
“As organizations constantly navigate the ever-evolving security landscape, understanding what makes their businesses vulnerable is critical,” explains Greg Young, Vice President, Cybersecurity at Trend Micro Canada. “This is where reports like the CRI can be a great resource in highlighting areas of possible concern to help organizations develop an effective cybersecurity strategy.”
Cyber Preparedness Index Ratings
RANGE | INTERPRETATION |
7.51 to 10 | Low Risk |
5.01 to 7.50 | Moderate Risk |
2.51 to 5.0 | Elevated Risk |
0 to 2.5 | High Risk |
The CRI is a biannual report that asks pointed questions and measures the gap between respondents’ preparedness for attacks and their likelihood of being attacked*. In the past 12 months 83% of Canadian organizations claim to have suffered one or more successful cyber-attacks. Of these organizations, 32% say they experienced seven or more.
Topping the list of key concerns are ransomware, phishing/social engineering, denial of service (DoS) and botnets. The negative consequences of a breach can include stolen or damaged equipment, lost revenues, and costs of outside consultants/experts.
Where IT infrastructure is concerned, Canadian organizations are most worried about security risks in relation to:
- mobile/remote employees (score of 7.55/10)
- third-party applications (score of 7.25/10)
- mobile/smart phone devices (6.55/10)
Digital investments were necessary to support remote working and drive business efficiencies during the pandemic, but this report brings to light the ongoing challenges that businesses face securing such investments.
Dr. Larry Ponemon, Founder and Chairman of Ponemon Institute, says, “Organizations are facing demanding security challenges every day, from software vulnerabilities and data breaches to ransomware attacks and more. The semi-annual survey has been a tremendous asset in evaluating the rapidly evolving cyber risk landscape to help organizations improve security readiness and serving as a guidance in strategic planning.”
In Canada, the highest levels of risk were around the following statements:
- My organization’s IT security function strictly enforces acts of non-compliance to security policies, standard operating procedures, and external requirements
- My organization’s IT security function supports security in the DevOps environment
- My organization makes appropriate investments in leading-edged security technologies such as machine learning, automation, orchestration, analytics and/or artificial intelligence tools.
- My organization’s IT security function complies with data protection and privacy requirements.
- My organization’s IT security leader (CISO) has sufficient authority and resources to achieve a strong security posture.
These results clearly indicate that to enhance preparedness and reduce overall risk levels more resources must be diverted to people, processes, and technology. Furthermore, the need for a platform-based approach will be critical as organizations and security teams struggle to manage the increasing complexity introduced by digital transformation, data privacy, compliance, and more.
* An index value is calculated from this information based on a numerical scale of -10 to 10, with -10 representing the highest level of risk. In this report, the Canada CRI stood at 0.16 versus -0.01 for North America and -0.04 for global, indicating a moderate level of risk.