Report leverages data from Trend’s platform for risk insights
THE Trend Micro, Global leader in cybersecurity, announces the continued decline in its customers’ cyber risk scores. The Cyber Risk Index (CRI)* averaged 38.4 over the year, a 6.2 point decrease compared to 2023. The data points to a clear trend: organizations that opt for proactive security approaches are achieving measurable risk reduction.
“By adopting AI-powered Trend Vision One™ Cyber Risk Exposure Management (CREM), Trend Micro customers have taken a step forward. The proactive security posture helps identify risks and builds resilience, quickly containing threats to optimize time and resources. It’s an approach that any organization can replicate with the right mindset and tools,” said Rachel Jin, COP, Trend Micro.
The CRI score declined over the course of 2024, from 42.5 in February to 36.3 in December. While organizations still score in the mid-range (31-69), the continued decline in CRI scores reflects real progress in reducing cyber risk. It also reflects a growing shift toward continuous security assessment and risk-based decision-making.
Highlights of the report include:
- Riskiest events: Access to cloud applications was the top risk, followed by outdated Microsoft account IDs. Rounding out the top 10 were risks related to email, user accounts, and credentials, many of which were related to improper configuration. More than a billion organizations had multi-factor authentication (MFA) disabled for account access (Entra ID Accounts), highlighting the need to improve and automate identity security.
- Mean Time to Patch (MTTP): The most detected and unpatched CVEs of 2024 were Elevation of Privilege vulnerabilities published in the first half of 2024. Europe (23.5 days) and Japan (27.5 days) recorded the fastest average patch times among regions. Among industries, nonprofits (19 days) and technology (22 days) patched the fastest, while healthcare (41.5 days) and telecommunications (38 days) were the slowest. Trend delivers virtual patches to protect its customers, on average, three months ahead of official vendor updates.
- Most exposed sectors: education, agriculture and construction had the highest CRI rates in 2024, thus ranking as the most vulnerable sectors.
- Regional analysis: Europe was the region with the biggest drop in the index, recording a reduction of seven points in the CRI.
- Ransomware: the LockBit, RansomHub and Play families were responsible for the largest number of breaches recorded in 2024. According to Trend's research, organizations with above-average CRI are about 12 times more likely to suffer a ransomware attack than those with lower CRI.
- AI: The report highlighted emerging AI-related threats such as AI-assisted deepfake phishing, cyber-kidnapping scams, and automated reconnaissance. However, AI can also empower network defenders by helping predict and prevent cyberattacks, as demonstrated by Trend Cybertron, the industry’s first security LLM.
Trend Micro encourages global organizations to take a proactive approach to security to further reduce CRI:
- Optimizing security settings to maximize resources, receive alerts about misconfigurations, vulnerabilities, and other risks, and integrate native sensors/third-party sources to gain a complete view of the attack surface.
- Contacting the device and/or account owner when a risky event is detected, verifying and investigating with the Vision One Workbench tool.
- Inactive Account Inventory, deleting those that are no longer used, deactivating risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).
- Applying the latest fixes or regular update of application/operating system versions.
To learn more about the Cyber Risk Report click ON HERE.
*Trend Vision One Cyber Risk Exposure Management uses its catalog of risk events to calculate a risk score for each asset type and an index for organizations. This is done by multiplying the attack, exposure, and security configuration factors by the asset’s criticality level. The result is a number between zero and 100, classified into three levels: Low Risk (0-30); Medium Risk (31-69); High Risk (70-100).
About Trend Micro
Trend Micro, a global leader in cybersecurity, helps make the world a safer place to exchange digital information. Powered by decades of cybersecurity expertise, global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform protects hundreds of thousands of individuals and organizations across the cloud, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend Micro delivers a powerful array of advanced threat defenses optimized for environments such as AWS, Microsoft, and Google, and central visibility for faster, better detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to secure and simplify their connected world.
Site: www.trendmicro.com/pt_br/business.html
Twitter: TrendmicroBR
Linkedin: www.linkedin.com/company/trend-micro-brasil/
EN 
PT 
