Corporate cyber-attack risks in Asia-Pacific dropped to a moderate level last year, in line with the global trend, yet 78% of surveyed organisations worldwide expect successful attacks to take place in 2023, according to a recent survey.
Jon Clay, vice-president of threat intelligence at multinational cybersecurity software firm Trend Micro, said the global cyber-risk index (CRI) improved to positive territory for the first time.
"This means organisations may be taking steps to improve their cybersecurity preparedness. There is still much to be done, as employees remain a source of risk. The first step to managing this risk is to gain complete and continuous attack surface visibility and control," said Mr Clay.
The Tokyo-based company's seventh index, which is a joint collaboration with research group Ponemon Institute, assesses an organisation's readiness to counter different types of cyber-attacks. The scores range from +10 to -10, with the latter representing the highest risk.
The CRI moved up to a moderate level globally of 0.01 during the second half of last year, from -0.15 in the first half. The cyber-preparedness index also improved, rising from 5.24 to 5.34 during the same period.
"The good news is organisations are making changes to improve their preparedness against attacks," noted the report, which surveyed 3,729 organisations.
The regional results also reflect the global trend, as the CRI found cybersecurity preparedness improved in Europe and Asia-Pacific, climbing from to -0.12 to 0.12 and -0.11 to 0.05, respectively.
The scores in North America improved slightly over the past six months, increasing to -0.10 from -0.33 in the first half of the year, whilst Latin America remained at -0.03.
Despite the overall improvement in the index, the survey found most organisations still have a pessimistic view of their prospects this year. Roughly eight out of 10 respondents said it was "somewhat to very likely" that they would suffer a a successful cyber-attack (78%), a breach of customer data (70%) or a breach of critical data IP (69%).
Compared with the last report, the figures represent decreases of only 1%, 2% and 7%, respectively. The survey shows one of the greatest concerns for businesses related to cybersecurity preparedness is a lack of knowledge about the physical location of business-critical data assets.
Among the top concerns for a cyber-attack are disruption or damage to critical infrastructure, productivity decreases, cost of outside consultants and experts, regulatory actions or lawsuits, and reputation or brand damage.
"As the shift to hybrid work gathers momentum, organisations are rightly concerned about the risk posed by negligent employees and the infrastructure used to support remote workers," said Larry Ponemon, chairman and founder of Ponemon Institute.
"They will need to focus not only on tech solutions, but also people and processes to help mitigate these risks."