Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
Fragmented data and poor collaboration are leaving systems exposed for too long, survey warns
- Survey finds nearly 70% of orgs leave critical vulnerabilities unresolved for 24 hours or more
- Managing vulnerability fog is a major challenge, as AI promises to make it easier for criminals to identify targets
- Zero-day and unpatched legacy vulnerabilities remain a major cause of cybercriminal proliferation
Over two-thirds (68%) of organizations take more than 24 hours to address critical vulnerabilities, new research has found, and the report urges companies to up their game when it comes to dealing with threats.
A survey conducted by Swimlane highlighted how vulnerabilities remain a significant danger to organizations, exposing them to data breaches, regulatory penalties, and operational disruptions.
And the longer these vulnerabilities remain unaddressed, the greater the risk of exploitation, yet many teams struggle with inefficiencies that waste valuable time.
The challenge of vulnerability prioritization
Lack of accurate context was cited by 37% of respondents as a major obstacle to prioritizing threats, and 35% considered incomplete information a major culprit.
While 45% of organizations were found to employ a mix of manual and automated processes, the tools they rely on, such as cloud security posture management, endpoint protection, and web application scanners, often fall short of addressing the scale and speed of emerging threats.
Manual processes also pose a challenge, consuming up to 50% of workers' time on vulnerability management tasks. Over half of workers surveyed reported spending more than five hours each week consolidating and normalizing data from various sources.
Businesses lose an estimated $47,580 per employee each year due to manual tasks, noted Michael Lyborg, CISO at Swimlane, and this heavy reliance on manual effort not only slows response times but also diverts attention from more strategic cybersecurity initiatives.
Despite these challenges, the report does reveal that many organizations simply lack effective vulnerability management programs, with 73% of respondents expressing concerns about facing penalties for inadequate practices.
“Smarter prioritization and automation are no longer optional — they are essential to reducing vulnerabilities, preventing breaches and ensuring continuous compliance,” said Cody Cornell, Swimlane's Co-Founder and Chief Strategy Officer.
“By blending intelligent automation with human expertise, vulnerability management teams gain the clarity they need to act decisively,” he added.
“Centralizing data and responding in real-time isn’t a luxury — it’s a business imperative that minimizes risk and frees up time to focus on the next challenge.”
Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com