- Survey reveals that nearly 70% of organizations leave critical vulnerabilities unresolved for 24 hours or more.
- Managing vulnerability fog is a major challenge as AI promises to make it easier for criminals to identify their targets.
- Existing and unpatched vulnerabilities remain a major cause of the proliferation of cybercriminals
According to a new study, more than two-thirds (68%) of organizations take more than 24 hours to remediate critical vulnerabilities, prompting businesses to up their game when it comes to dealing with threats.
A survey conducted by Swimlane highlighted how vulnerabilities remain a significant danger for organizations; exposing them to data breaches, regulatory sanctions and operational disruptions.
And the longer these vulnerabilities go unaddressed, the greater the risk of exploitation. Yet many teams struggle with inefficiencies that waste valuable time.
The challenge of prioritizing vulnerabilities
Lack of specific context was cited by 37% of respondents as a major barrier to prioritizing threats, and 35% cited incomplete information as a leading cause.
While 45% of organizations employ a mix of manual and automated processes, the tools they rely on, such as cloud security management, endpoint protection, and web application scanners, are often not enough not responding to the scale and speed of emerging threats.
Manual processes also pose a challenge, spending up to 50% of workers’ time on vulnerability management tasks. More than half of workers surveyed said they spend more than five hours per week consolidating and standardizing data from various sources.
Companies lose approximately $47,580 per employee each year due to manual tasks, noted Michael Lyborg, CISO at Swimlane, and this heavy reliance on manual effort not only slows response times, but also distracts from more strategic cybersecurity initiatives.
Despite these challenges, the report reveals that many organizations simply lack effective vulnerability management programs, with 73% of respondents expressing concern about being penalized for inadequate practices.
“Smarter prioritization and automation are no longer optional: they are essential to reducing vulnerabilities, preventing breaches, and ensuring continued compliance,” said Cody Cornell, co-founder and chief strategy officer of Swimlane.
“By combining intelligent automation and human expertise, vulnerability management teams gain the clarity they need to act decisively,” he added.
“Centralizing data and responding in real time is not a luxury: it is a business imperative that minimizes risk and frees up time to focus on the next challenge. »
