More Than a Number: Your Cyber Risk Index Explained

Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from Research, News, and Perspectives, a dedicated space for strategic insights, best practices, and research reports that help security leaders better understand, communicate, and minimize cyber risk across the enterprise.

Research, News, and Perspectives

Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.


Lower Cyber Risk Scores Through Proactive Security


The average Cyber Risk Index (CRI) score declined every month of the year, from 42.5 in February to 36.3 in December. Although organizations as a whole remain in the Medium Risk zone (31-69), the steady decline reflects real progress in cyber risk reduction and highlights a growing shift toward continuous security assessment and risk-based decision-making.

Among the highlights from this year's report are:

  • Riskiest events: Risky cloud app access ranked first, followed by "stale Microsoft Entra ID account." Rounding out the top 10 were email, user account, and credential-related risks, many of them caused by misconfiguration. More than one billion detections of Entra ID accounts with multi-factor authentication disabled were logged, highlighting a clear need for enhanced, automated identity security.
  • Mean Time to Patch (MTTP): The top detected and unpatched CVEs of 2024 were high-severity Elevation of Privilege (EoP) vulnerabilities published in the first half of the year. Europe (23.5 days) and Japan (27.5 days) recorded the fastest MTTP of any region, while non-profits (19 days) and the technology sector (22 days) were the fastest verticals. Healthcare (41.5 days) and telecoms (38 days) were the slowest. Trend offers virtual patches that protect customers on average three months before official vendor updates.
  • Industry breakdown: Education, agriculture, and construction had the highest average CRI in 2024, singling them out as the most exposed sectors.
  • Regional breakdown: Europe was the most improved region, recording a seven-point CRI reduction, possibly as a result of regulatory pressure from NIS2 and DORA. The Americas and AMEA have room to improve, while Japan maintained the lowest average (34.3).
  • Ransomware: LockBit, RansomHub, and Play ransomware were responsible for the highest number of reported breaches in 2024. According to Trend research, organizations with an above-average CRI are around 12 times more likely to suffer a ransomware breach than those with a below-average CRI.
  • AI: The report highlighted AI-assisted deepfake phishing, virtual kidnapping scams, and automated reconnaissance as key emerging AI threats. AI can also help network defenders predict and prevent cyberattacks, for example through Trend Cybertron, Trend's security LLM.

To further lower their CRI, Trend urges global organizations to embrace a proactive security approach by:

  • Optimizing security settings to make full use of product features and receive alerts on misconfigurations, vulnerabilities, and other risks, and using native sensors and third-party sources to build a comprehensive view of the attack surface.
  • Contacting the device and/or account owner when a risky event is detected, then verifying and investigating with the Vision One Workbench search function.
  • Inventorying stale accounts to delete inactive and unused ones, disabling risky accounts, resetting passwords with strong credentials, and enabling multi-factor authentication (MFA).
  • Applying the latest patches or upgrading application and OS versions regularly.

*Trend Vision One Cyber Risk Exposure Management uses its risk event catalog to formulate a risk score for each asset type and an index score for organizations. It does this by multiplying an asset's attack, exposure, and security configuration by asset criticality. The result is an integer between zero and 100 that falls into one of three levels: Low Risk (0-30), Medium Risk (31-69) and High Risk (70-100).
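The following is an added example, not Trend Micro's code, that ties the identity clean-up recommended above (stale accounts, MFA) to the scoring model described in the note: it turns a constructed Entra-style user inventory into risk events, scores each account with a CREM-style formula (three factors multiplied by asset criticality, clamped to 0-100 and banded Low/Medium/High), rolls the scores up into an organization index, and re-scores after the clean-up. The event weights, factor weights, 90-day staleness window, criticality multipliers, and the use of a weighted mean to combine the factors are all assumptions; Trend does not publish its exact risk event catalog or arithmetic.

```python
"""Added example, not Trend Micro's code. Scores a constructed identity inventory with a
CREM-style formula and shows how the recommended clean-up lowers the organization index.
Weights, thresholds, and criticality multipliers are assumptions for illustration only."""
from copy import deepcopy
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 12, 15, tzinfo=timezone.utc)   # fixed clock keeps the example deterministic
STALE_AFTER = timedelta(days=90)                     # assumed staleness window

# Constructed inventory, shaped loosely like an Entra ID user export (not real data).
USERS = [
    {"upn": "alice@example.test",      "enabled": True,  "mfa": True,  "privileged": True,
     "last_sign_in": NOW - timedelta(days=2)},
    {"upn": "bob@example.test",        "enabled": True,  "mfa": False, "privileged": False,
     "last_sign_in": NOW - timedelta(days=10)},
    {"upn": "svc-backup@example.test", "enabled": True,  "mfa": False, "privileged": True,
     "last_sign_in": NOW - timedelta(days=200)},
    {"upn": "carol@example.test",      "enabled": False, "mfa": False, "privileged": False,
     "last_sign_in": None},
]
# Constructed per-asset "attack" (observed hostile activity) and "exposure" factors, 0..1.
ATTACK = {"bob@example.test": 0.8}
EXPOSURE = {"alice@example.test": 0.2, "bob@example.test": 0.2, "svc-backup@example.test": 0.9}

# Assumed catalog weights for the two identity events the report names.
EVENT_WEIGHTS = {"stale account": 0.4, "mfa disabled": 0.5}


def find_risk_events(users, now=NOW):
    """Return (upn, event) pairs for enabled accounts: stale sign-in or MFA disabled."""
    events = []
    for u in users:
        if not u["enabled"]:
            continue  # disabled accounts no longer contribute (assumption)
        if u["last_sign_in"] is None or now - u["last_sign_in"] > STALE_AFTER:
            events.append((u["upn"], "stale account"))
        if not u["mfa"]:
            events.append((u["upn"], "mfa disabled"))
    return events


def asset_score(attack, exposure, config, criticality):
    """CREM-style per-asset score: combine the three factors (weighted mean is an
    assumption), multiply by criticality, scale to an integer clamped to 0..100."""
    combined = 0.4 * attack + 0.3 * exposure + 0.3 * config
    return max(0, min(100, round(combined * criticality * 100)))


def risk_level(score):
    """Band a score the way the page describes: Low 0-30, Medium 31-69, High 70-100."""
    if score <= 30:
        return "Low"
    return "Medium" if score <= 69 else "High"


def score_assets(users, attack=ATTACK, exposure=EXPOSURE):
    """Score every enabled identity; the configuration factor is the capped sum of its event weights."""
    events = find_risk_events(users)
    scores = {}
    for u in users:
        if not u["enabled"]:
            continue
        config = min(1.0, sum(EVENT_WEIGHTS[e] for upn, e in events if upn == u["upn"]))
        criticality = 1.0 if u["privileged"] else 0.7  # assumed multipliers
        scores[u["upn"]] = asset_score(attack.get(u["upn"], 0.0), exposure.get(u["upn"], 0.0),
                                       config, criticality)
    return scores


def org_index(scores):
    """Organization index: mean of asset scores to one decimal, like the 42.5 -> 36.3 series."""
    return round(sum(scores.values()) / len(scores), 1)


def remediate(users, now=NOW):
    """Apply the recommended clean-up: disable stale accounts, enforce MFA on the rest."""
    fixed = deepcopy(users)
    for u in fixed:
        if u["enabled"] and (u["last_sign_in"] is None or now - u["last_sign_in"] > STALE_AFTER):
            u["enabled"] = False
        if u["enabled"]:
            u["mfa"] = True
    return fixed


if __name__ == "__main__":
    for label, inventory in (("before", USERS), ("after", remediate(USERS))):
        scores = score_assets(inventory)
        idx = org_index(scores)
        print(f"{label}: {scores} -> index {idx} ({risk_level(idx)})")
```

With the constructed data, the privileged service account with a stale sign-in and no MFA scores highest (54, Medium) and pulls the organization into the Medium band; disabling it and enforcing MFA on the remaining accounts drops the index into the Low band, which is the before/after comparison a CISO would track month to month.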

Learn more by reading the full technical report, "More Than a Number: Your Cyber Risk Index Explained"


Benefits of Continuous Cyber Risk Scoring

The zero-trust security model is the practice of removing implicit trust from every entity. Historically, devices and identities were trusted simply because they sat inside a corporate LAN or another permissioned or geographically bound network. Today’s complex and dynamic environments, however, span cloud services and infrastructure across geographic zones and include mobile and IoT devices. As a result, every endpoint is a boundary at which every transaction must be verified. The foundation of a zero-trust model is continuous risk assessment coupled with tracking of user identity and access. If your organization is looking for a solution to this problem, look no further than Trend Vision One™ Zero Trust Secure Access (ZTSA).

Because of this ever-increasing complexity, a zero-trust security model requires continuous, in-depth monitoring, which gives you a complete picture of the active and potential risks in your dynamic environment. Ideally, threats are mitigated through automated response options before a security operations center (SOC) team needs to investigate and, more importantly, before a full-scale breach can occur. Trend Vision One continuously recalculates risk scores so that you are alerted to attempted breaches at the earliest opportunity.

Your analysts can then use the risk scores to see which areas of the environment need attention; a numerical score lets them quickly decide which risks to address first. Management and leadership can use relative comparisons and benchmarks of risk scores as a clear indication of whether the organization’s security posture is improving or declining over time, and leadership teams can compare their posture to peers of the same industry, region, and organization size.

Find out more benefits of continuous cyber risk scoring by reading our full report here.

Using the Cyber Risk Index as a Key Performance Indicator (KPI)

The Cyber Risk Index is not only a reflection of your current cybersecurity posture but also a strategic KPI that security leaders can use to align cybersecurity efforts with business outcomes. Integrating the Cyber Risk Index into operational and executive dashboards gives your organization a continuous and quantifiable view of risk that informs decisions at every level—from SOC operations to boardroom strategy.

Why the Cyber Risk Index as a KPI matters:

  • Quantifies progress: The Cyber Risk Index enables your organization to track how your security posture evolves over time as new controls are deployed or vulnerabilities emerge.
  • Supports accountability: As a measurable outcome, the Cyber Risk Index can be used to set risk tolerance thresholds, guide security investments, and evaluate team or vendor performance.
  • Benchmarking: The Cyber Risk Index facilitates peer comparisons by providing a standardized index that reflects exposure, attack activity, and security configurations across different industries and regions.
  • Enables proactive governance: When tracked as a KPI, the Cyber Risk Index helps your executive leadership team detect early signs of increasing exposure or misconfiguration, prompting corrective action before incidents occur.

By institutionalizing the Cyber Risk Index as a cybersecurity KPI, organizations move from reactive incident handling to proactive risk reduction, ultimately contributing to resilience, compliance, and trust.

Learn more in the full technical report: "More Than a Number: Your Cyber Risk Index Explained"


Conclusion

Your security teams can start by leveraging the company-wide Cyber Risk Index to make a high-level assessment of your organization’s risk—the likelihood of a threat’s occurrence and the potential impacts. The Cyber Risk Index considers your attack, exposure, and security configuration events and dives deeper into different high-level categories that make up risk.

With a comprehensive visualization of risk within your organization, you can anticipate and proactively secure your environment, detect and defend against threats, and mitigate the impact of existing threats. Then, you can refine this process and develop a zero-trust architecture that is resilient in the face of even the most sophisticated attacks.

Cyber Risk Exposure Management (CREM) can serve as the backbone of your organization’s zero-trust journey, providing the continuous, in-depth monitoring that an effective zero-trust architecture demands. Closing the gaps that Trend Vision One identifies will improve your security posture over time and steer your actions toward the zero-trust model. You also gain strength in numbers against the growing volume and sophistication of threat actors by contributing to, and drawing on, the intelligence gathered from the other organizations that rely on CREM, helping to establish a more secure environment against all manner of risk.

Get the full details in our Cyber Risk Index technical report here.


Before you go:


We are excited to be named a Leader in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment.

Gain a comprehensive, real-time view of your hybrid and multi-cloud environment with Trend Vision One™ Cloud Security.

Read the excerpt: https://spr.ly/60464eM1q

Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance & Security | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

4mo

Trend Micro, very valuable topic and solution. Most organizations struggle with internal efforts to measure, prioritize, or monitor the cyber risks impacting them. Usually, they use annual processes to rate their risks with a survey-based exercise, point-in-time data, and a subjective measurement. Some organizations do not know a better way to get the value of continuous assessment of cyber risks and make it a strategic output for business decisions. This requires education and understanding from those leading the cyber risk evaluation efforts.
