Global organizations are still beset with cyber visibility and control challenges, with two-fifths (43%) admitting their digital attack surface is out of control as a result, according to new Trend Micro research.

The security vendor polled over 6200 IT and business decision-makers to compile its new studyMapping the digital attack surface: Why global organisations are struggling to manage cyber risk.

It revealed that nearly three-quarters (73%) are concerned about the increasing size of their attack surface. Over a third (37%) said it is “constantly evolving and messy,” and just half (51%) thought they were able to fully define its extent.

These visibility challenges are greatest in cloud environments, although problems persist across the board. The report highlights complex supply chains, tool bloat and home working-driven shadow IT as additional contributory factors.

On average, respondents estimated having just 62% visibility of their attack surface.

The continued practice of manual (24%) and regional (29%) attack surface mapping is also hampering efforts to gain comprehensive insight and eliminate data silos, especially for global organizations – two-thirds (65%) of which admitted the scale of their operations causes additional challenges.

“There’s a sense that major investments in IT modernization over the past few years have created a momentum that is increasingly difficult to manage,” the report noted. “Gaining visibility … is surely the first step towards effectively mitigating risk.”

Yet over half (54%) of responding organizations said they don’t believe their method of assessing risk exposure is sophisticated enough. This is borne out by other stats from the report, notably that almost two-fifths (35%) only review or update their risk exposure monthly or less frequently.

Last December, the head of MI6, Richard Moore, warned in a rare public speech that “the digital attack surface that criminals, terrorists and hostile states threats seek to exploit against us is growing exponentially.