Cyber risk study: businesses worry about out-of-control digital attack surface

June 20, 2022

Limited visibility and control threaten IT security of businesses worldwide, according to Trend Micro study

Trend Micro, one of the world’s leading providers of cyber security solutions, has published the results of a new global study. This shows that companies are finding it increasingly difficult to identify and secure their increasingly complex attack surface. This in turn makes complete risk management more difficult.

The study by the Japanese security provider shows that 65 percent of German companies (73 percent worldwide) are concerned about their growing attack surface. 40 per cent (37 per cent globally) say it is “constantly changing and confusing”, with only slightly more than half (54 per cent, 51 per cent globally) able to fully grasp its extent. Half (43 per cent globally) of respondents go further, admitting that their company’s digital attack surface is “out of control”.

The main reason German companies struggle to manage and understand cyber risks is a lack of visibility. Almost two-thirds (62 per cent in Germany as well as worldwide) say they have blind spots in the IT landscape that worsen the level of security. Cloud environments are most at risk in this context. On average, respondents estimate that they only have 65 per cent (62 per cent worldwide) of their attack surface in view.

These challenges multiply in global enterprises. More than half (60 per cent in Germany, 65 per cent globally) of all respondents say that a company operating internationally in several countries makes risk management even more difficult.

In addition, in more than a quarter of all German companies (27 percent, 24 percent globally), the mapping of the IT infrastructure is still done manually. Furthermore, 28 percent organise themselves on a regional level – regardless of the global structure – which leads to silo formation and further intransparency.

According to the Trend Micro study, more than half of all companies worldwide (54 percent) believe that their methodology for assessing cyber risks is not mature enough. The following figures from Germany confirm this:

  • Only 42 per cent (45 per cent globally) have a fully defined methodology for assessing the risk of their digital attack surface
  • Just under a third (30 per cent, 35 per cent globally) review/update their risk level only monthly or less frequently
  • Only 19 per cent (23 per cent globally) analyse their risk daily Making a sound risk assessment is therefore the greatest difficulty for German companies.

“The IT modernisation of the last two years was a necessary reaction to the pandemic. In many cases, however, it has unwittingly increased the digital attack surface and given threat actors more opportunities to compromise critical resources,” says Richard Werner, Business Consultant at Trend Micro. “A unified, platform-based approach is the best way to reduce gaps in visibility, improve risk assessments and enhance security across complex, distributed IT environments.”

More study results can be found in English here:

About the study
For the study, Trend Micro surveyed a total of 6297 IT and business decision makers in 29 countries, including 202 in Germany, in April 2022.

Related Articles

Construction and industry find it difficult to obtain loans

Construction and industry find it difficult to obtain loans

Ifo Institute survey for June shows increase in banks' reluctance to lend It is not only the order situation for construction and industry that remains difficult, but also financing. According to a new survey by the ifo Institute (, 27.1 per cent of...

Share This