Nearly half of all on-premises databases have unpatched vulnerabilities

News
By
published

Simply transitioning to the cloud may not be the answer

Best cloud databases
(Image credit: Pixabay)

Almost half of all on-prem database around the world contain some form of known, addressable security vulnerabilities, over half of which were ranked as high or critical severity. according to a new survey.

Conducted over five years by cybersecurity vendor Imperva, the survey scanned around 27,000 databases, finding 46% contained vulnerabilities at an average of 26 vulnerabilities per database.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Although we continue to see a major shift to cloud databases, the concerning reality is that most organizations rely on on-premises databases to store their most sensitive data,” observed Elad Erez, Imperva's Chief Innovation Officer.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Erez adds that owing to the large number of vulnerable on-prem databases, it shouldn’t be a surprise if there’s an increase in the number of reported breaches.

Lack of security awareness

Regional analysis reveals that France tops the list with 84% of the databases being vulnerable with an average of 72 vulnerabilities per database. The UK clocks in at the fourth position with 61% of vulnerable databases at an average of 37 vulnerabilities per database.

Imperva argues that since a majority of the scanned databases handle some of the most sensitive data, including that related with financial transactions, keeping them vulnerable to cyberattacks is a risky proposition not just for the organization, but for their customers as well.

“Whether it’s down to the perceived difficulty of fixing these vulnerabilities, or not even knowing how exposed databases are, organizations are quite simply making it far too easy for attackers,” Imperva believes.

And since the real issue is a lack of security awareness, the company suggests that there’s no guarantee that moving to the cloud will improve matters, since it might just mean that businesses are simply swapping “one set of mistakes for another.”

Instead, Erez suggests that businesses must respond by devising a comprehensive security strategy that’s built around the protection of data irrespective of where it exists. 

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
API
Businesses are being plagued by API security risks - with nearly 99% affected
Holographic representation of cloud computing over open businessman&#039;s hand
AWS, Azure and Google Cloud credentials from old accounts are putting businesses at risk
Data leak
AWS customers hit by major cyberattack which then stored stolen credentials in plain sight
An illustration of a hand holding a set of keys in front of a laptop, accompanied by a padlock symbol, fingerprint, and key.
Thousands of SonicWall VPN devices are facing worrying security threats
Holographic representation of cloud computing over open businessman&#039;s hand
Businesses are struggling to address vulnerabilities hidden in phantom dependencies
Latest in Pro
Concept art representing cybersecurity principles
What businesses need for modern third-party risk management
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
Half man, half AI.
How finance teams can avoid falling behind in the AI race
eSIM
Global eSIM shipment volume surpasses half a billion units as demand keeps on growing
woman sit on couch near laptop take break reduce stress do yoga meditation exercise to calm down self control get rid of negative emotions, bad e-mail, difficult task, problems at work concept
IT industry workers hit badly by burnout, stress - but there's still potential for success
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
Latest in News
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
More about pro
An American flag flying outside the US Capitol building against a blue sky

Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
Home internet connection. A wlan router on desk with notebook in background.

Cloudflare admits security tool is blocking some challenger browsers
Concept art representing cybersecurity principles

What businesses need for modern third-party risk management
See more latest
Most Popular
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 7 (game #369)
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 7 (game #1138)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 7 (game #635)
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
ChatGPT WhatsApp
New survey suggests the vast majority of iPhone and Samsung Galaxy users find AI useless – and to be honest, I’m not surprised
The DJI Mavic 3 Pro in flight over some mountains
Upcoming DJI Mavic 4 Pro premium drone could deliver new camera skills and LiDAR – here’s what the latest leaks tell us
A hunter holds up a Grav Bowfin and smiles
How to catch a Gravid Bowfin in Monster Hunter Wilds
An Nvidia GeForce RTX 5080 resting on an RTX 5090 on a gray crafting mat.
Corsair tells us only one of its prebuilt PCs with an RTX 5000 GPU has suffered from chip-level fault, suggesting it’s as rare as Nvidia claimed
watch back to the future online
Everything new on Prime Video in March 2025