At Least 20% of Enterprise Endpoints Have Legacy Security Vulnerabilities

Action1 Corporation, provider of the #1 risk-based patch management platform designed for work-from-anywhere enterprises, today released its 2023 State of Vulnerability Remediation Report. Based on feedback from 804 IT professionals, the report reveals critical gaps in vulnerability management within organizations, which are being overlooked by executive leadership teams despite high-profile breaches and increased emphasis on cybersecurity from the authorities. These gaps leave organizations vulnerable to cyber threats.

Key findings of the report:
Time to combat low cybersecurity awareness among employees has increased over the past year.
10% of organizations suffered a breach over the past 12 months, with 47% of breaches resulting from known security vulnerabilities; phishing was the most common attack vector reported by 49% of respondents; 54% of victims had their data encrypted by ransomware.
IT teams rank the lack of support from the executive team for cybersecurity initiatives as the key threat to cyber resilience. Many IT teams also face operational issues that leave no time for cybersecurity.

30% of organizations take more than a month to detect known vulnerabilities.
38% of organizations fail to prioritize security flaws, while 40% take more than a month to remediate known vulnerabilities (of them, 24% take more than 3 months).

On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.

“The gaps in the detection and prioritization stages of vulnerability management suggest the actual proportion of unpatched endpoints could be much higher. Organizations must ensure effective communication on all levels to eliminate these gaps, implement automation, and build cyber resilience,” said Alex Vovk, CEO and co-founder of Action1. “Otherwise, we risk another year of costly breaches.”