Trend Micro Incorporated, a global cybersecurity pioneer, revealed a continued annual decline in its Cyber Risk Index (CRI) score.
The figure stood at an average of 38.4 for the year, down by 6.2 points from 2023. The data shows a clear trend that organisations leveraging proactive security approaches are seeing measurable risk reduction.
Proactive security with AI
Rachel Jin, chief enterprise platform officer at Trend Micro: “Trend customers are embracing our vision for proactive security by using the AI-powered Trend Vision OneTM Cyber Risk Exposure Management to identify risk and prioritise mitigations.”
“By getting on the front foot, they can build resilience, rapidly contain threats, and become more time and resource-efficient. It’s an approach that any organisation can emulate with the right mindset and tooling.”
CRI score declined
CRI score declined from 42.5 in February to 36.3 in DecemberThe CRI score declined each month throughout the year, from 42.5 in February to 36.3 in December. While organisations remain in the Medium Risk zone, the continued decline in CRI scores reflects real progress in cyber risk reduction.
It highlights a growing shift toward continuous security assessment and risk-based decision-making.
Yearly report highlight
Among the highlights from this year’s report are:
The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats
Most risky events
Risky cloud app access came top, followed by “stale Microsoft Entra ID account.” Rounding out the top 10 were email, user account and credential-related risks; many of them misconfiguration-related. Over one billion organisations were logged with multi-factor authentication disabled on Entra ID Accounts, highlighting a clear need for enhanced, automated identity security.
Average Mean Time to Patch (MTTP)
The top detected and unpatched CVEs from 2024 were “high severity” Elevation of Privilege (EoP) vulnerabilities published in the first half of the year. Europe (23.5 days) and Japan (27.5 days) recorded the fastest MTTP of any region, while non-profits (19 days) and the technology sector (22 days) were the fastest verticals. Healthcare (41.5 days) and telecoms (38 days) were slowest. Trend offers virtual patches to protect customers on average three months before official vendor updates.
Industry breakdown
Education, agriculture and construction had the highest CRI in 2024, singling them out as the most exposed sectors.
Regional breakdown
Europe was the most improved region, recording a seven-point CRI reduction—possible as a result of regulatory pressure from NIS2 and DORA. The Americas and AMEA have room to improve, while Japan maintained the lowest average (34.3).
Ransomware
LockBit, RansomHub, and Play ransomware were responsible for the highest number of reported breaches in 2024. According to Trend research, organisations with a CRI above average are around 12 times more likely to suffer a ransomware breach than those below average.
AI
The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats. However, AI can also empower network defenders to better predict and prevent cyberattacks, such as via the industry-first security LLM Trend Cybertron.
Proactive steps for security
Trend urges global organisations to embrace a proactive security approach To further lower their CRI, Trend urges global organisations to embrace a proactive security approach by:
Optimising security settings to maximise product features and get alerts on misconfigurations, vulnerabilities, and other risks. And leveraging native sensors/third-party sources to build a comprehensive view of the attack surface.
Contacting the device and/or account owner when a risky event has been detected to verify and investigate using the Vision One Workbench search function.
Inventorying stale accounts to delete inactive and unused ones, disabling risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).
Applying the latest patches or upgrading application/OS versions regularly.
Assessing cyber risk effectively
Trend Vision One Cyber Risk Exposure Management uses its risk event catalogue to formulate a risk score for each asset type and an index score for organisations.
It does this by multiplying an asset’s attack, exposure, and security configuration by asset criticality. The result is an integer between zero and 100 that falls into one of three levels: Low Risk (0-30), Medium Risk (31-69) and High Risk (70-100).
