Outpacing the adversary

The Trend 2025 Cyber Risk Report sustains our shift towards proactive security. Protecting enterprises is no longer about stopping breaches but is now about staying ahead, making cybersecurity a business enabler. This report looks at our telemetry from 2024: by looking at last year’s risk landscape, we recognize exposures and understand attacker behavior to be able to implement countermeasures for the year ahead. This way, we transform security from a challenge to a catalyst for innovation and business growth.

This report harnesses data from the Cyber Risk Exposure Management [1] (CREM) solution of our flagship cybersecurity platform Trend Vision One™ [2]. Telemetry from this solution identifies exposures across attack surfaces to help prioritize and address risk areas. Combined with data from our native eXtended Detection and Response [3] (XDR) tools and threat intelligence, this report primes enterprises with information on adversaries along with risk insights to reduce their Cyber Risk Index and stay ahead of the curve.

The Cyber Risk Index

To achieve a proactive approach to cybersecurity, we capitalize on data from our Cyber Risk Exposure Management solution, which is designed to protect organizations’ digital assets from attacks by evaluating risks across the attack surface, prioritizing them, and implementing appropriate countermeasures.

CREM calculates an enterprise’s Cyber Risk Index (CRI), a metric that quantifies the overall security risk of an organization based on a consolidation of individual assets and risk factor scores. Our research [4] has found that organizations with a CRI above the average have a greater likelihood to suffer from attacks than those with a lower CRI.
Just as preventive health check-ups reveal the overall state of health, analyze the risks the body might be exposed to, and create an action plan to prevent these risks, CREM identifies the CRI and creates a strategy to reduce these risks and therefore improve an organization’s security posture.

While risk is evaluated qualitatively, the CRI quantifies it on a scale from 0 to 100 to give a clearer picture of where enterprises or sectors stand in terms of security and risk.

CREM uses the risk event catalog to formulate a risk score for each asset type and an index for organizations by multiplying an asset’s attack, exposure, and security configuration by the asset criticality. The risk scores are calculated individually for every asset, with each score considering asset type and criticality. The result is an integer between zero and 100 that falls into one of three levels.

• Low Risk (0-30):
  ° Organizations in this category are considered relatively secure
  ° Immediate significant measures are generally not necessary
• Medium Risk (31-69):
  ° Organizations in this category have several risk factors that need to be addressed
  ° It is advisable to consider and implement appropriate countermeasures
• High Risk (70-100):
  ° Organizations in this category are exposed to severe risks
  ° Prompt and robust security measures are essential to mitigate potential threats

Learn more with our Cyber Risk Index Overview [5] and our technical report on how to understand risk score calculations [6].

This report covers telemetry from February to December 2024; it excludes data from January as the CREM dashboard algorithm was updated at the end of that month with a weight summation method that affects CRI computation. Telemetry from February to December 2024 was computed with the same algorithm and provides a more accurate average CRI. Future improvements to CREM computation will be disclosed accordingly.
Also note that industry CRI data do not include industries with a sample size too small to be statistically relevant.

Cyber Risk Index Data

The overall average CRI in 2024 improved consistently per month, with a 6.2-point difference from the overall average in February to December. While this improvement suggests that enterprises have been successfully operationalizing cyber risk management, a 36.3 overall CRI still falls within medium risk, an average indicating that organizations still have several risk factors that need addressing. This emphasizes the need for continuous monitoring of the attack surface risk life cycle, which includes discovery, assessment, and risk mitigation through necessary countermeasures.

Our regional telemetry is consistent with the overall average CRI data. There is a general downtrend in risk indices among the regions, with Europe exhibiting the biggest improvement from February to December with a 7-point difference. The region is pushing for increased cyber hygiene and resilience with the Digital Operational Resilience Act [7] and the Cyber Resilience Act [8], which could influence enterprises to take a more proactive approach in cybersecurity through patching, fixing configurations, and refining user access and permissions, among others. While CRI among regions improved in the past year, each region’s risk index is still w