73% of CISOs admit security incidents due to unknown or unmanaged assets

Only those who know their attack surfaces can defend against them effectively. What seems like a truism, however, appears to be causing problems for many companies.

According to a survey of more than 2,000 cybersecurity executives by security provider Trend Micro, nearly three-quarters (73%) of security leaders say they have experienced a security incident because assets in their IT infrastructure were not managed or simply unknown.

Approximately nine out of 10 managers surveyed stated that attack surface management directly impacts their company’s business risk. A large proportion of respondents also admitted that a lack of risk management for exposed assets could have significant negative consequences. Negative consequences are feared for the following areas, among others:

• Business continuity (42% of respondents)
• Competitiveness (39%)
• Customer trust and brand reputation (39%)
• Supplier relationships (39%)
• Employee productivity (38%)
• Financial performance (38%)

Despite the obvious dangers, the survey shows that enterprises are doing too little. Forty-three percent of companies employ special tools for proactive risk management of their attack surface. The majority (58%) admitted they have not implemented processes for continuous monitoring. “However, this would be necessary to proactively mitigate and contain risks before they impact operations,” Trend Micro stated.

“In 2022, organizations worldwide were already concerned that the attack surface for cyberattacks was spiraling out of control. Today, the challenge is even more urgent,” said Kevin Simzer, COO at Trend Micro. While most organizations are aware of the impact on business risk, few are taking proactive security measures to continuously mitigate risk. “Cyber ​​risk management should be a top priority for all organizations.”