The Urgency of a Threatening Boiler: A Study Reveals That Most Organizations Take Days to Address Critical Vulnerabilities, Each of Which Is a Potential Target for Cybercriminals.
The lack of collaboration and data fragmentation are leaving systems vulnerable for extended periods, according to a survey.
A recent study reveals that nearly 68% of organizations take more than 24 hours to address critical vulnerabilities, underscoring the need for companies to improve their response to threats. Research conducted by Swimlane highlights that these vulnerabilities continue to pose a significant risk, exposing organizations to data breaches, regulatory penalties, and operational disruptions.
The time vulnerabilities remain unresolved increases the likelihood of exploitation, but many teams face inefficiencies that consume valuable time. About 37% of respondents cited a lack of precise context as a barrier to prioritizing threats, while 35% pointed out incomplete information as a relevant issue. Although 45% of organizations use a combination of manual and automated processes, the tools they employ, such as cloud security posture management, endpoint protection, and web application scanners, often fail to address the scale and speed of emerging threats.
Manual methods also present a barrier, with workers dedicating up to 50% of their time to vulnerability management tasks. More than half of the respondents reported spending over five hours per week consolidating and normalizing data from various sources. According to Michael Lyborg, CISO of Swimlane, companies lose approximately $47,580 per employee annually due to these manual tasks. This heavy reliance on manual processes not only delays response times but also diverts attention from more strategic cybersecurity initiatives.
Despite these challenges, the report highlights that many organizations still lack effective vulnerability management programs, with 73% of respondents expressing concern about the possibility of facing penalties for inadequate practices. Cody Cornell, co-founder and Chief Strategy Officer of Swimlane, emphasizes that smarter prioritization and automation are essential to reduce vulnerabilities, prevent breaches, and ensure ongoing compliance. Cornell adds that centralizing data and responding in real time is not a luxury but a business necessity that minimizes risk and allows teams to focus on new challenges.
