Limited visibility and control threaten IT security of businesses worldwide, according to Trend Micro study

Trend Micro, one of the world’s leading providers of cyber security solutions, has published the results of a new global study. This shows that companies are finding it increasingly difficult to identify and secure their increasingly complex attack surface. This in turn makes complete risk management more difficult.

The study by the Japanese security provider shows that 65 percent of German companies (73 percent worldwide) are concerned about their growing attack surface. 40 per cent (37 per cent globally) say it is “constantly changing and confusing”, with only slightly more than half (54 per cent, 51 per cent globally) able to fully grasp its extent. Half (43 per cent globally) of respondents go further, admitting that their company’s digital attack surface is “out of control”.

The main reason German companies struggle to manage and understand cyber risks is a lack of visibility. Almost two-thirds (62 per cent in Germany as well as worldwide) say they have blind spots in the IT landscape that worsen the level of security. Cloud environments are most at risk in this context. On average, respondents estimate that they only have 65 per cent (62 per cent worldwide) of their attack surface in view.

These challenges multiply in global enterprises. More than half (60 per cent in Germany, 65 per cent globally) of all respondents say that a company operating internationally in several countries makes risk management even more difficult.

In addition, in more than a quarter of all German companies (27 percent, 24 percent globally), the mapping of the IT infrastructure is still done manually. Furthermore, 28 percent organise themselves on a regional level – regardless of the global structure – which leads to silo formation and further intransparency.

According to the Trend Micro study, more than half of all companies worldwide (54 percent) believe that their methodology for assessing cyber risks is not mature enough. The following figures from Germany confirm this:

• Only 42 per cent (45 per cent globally) have a fully defined methodology for assessing the risk of their digital attack surface
• Just under a third (30 per cent, 35 per cent globally) review/update their risk level only monthly or less frequently
• Only 19 per cent (23 per cent globally) analyse their risk daily Making a sound risk assessment is therefore the greatest difficulty for German companies.

“The IT modernisation of the last two years was a necessary reaction to the pandemic. In many cases, however, it has unwittingly increased the digital attack surface and given threat actors more opportunities to compromise critical resources,” says Richard Werner, Business Consultant at Trend Micro. “A unified, platform-based approach is the best way to reduce gaps in visibility, improve risk assessments and enhance security across complex, distributed IT environments.”

More study results can be found in English here: https://www.trendmicro.com/explore/trend_global_risk_research_2

About the study
For the study, Trend Micro surveyed a total of 6297 IT and business decision makers in 29 countries, including 202 in Germany, in April 2022.