top of page

Survey: Almost a Quarter of Enterprises Have Unpatched Endpoints

Action1 Corporation has released its 2023 State of Vulnerability Remediation Report, which reveals critical gaps in vulnerability management within organizations that are leaving them vulnerable to cyber threats. The report is based on feedback from 804 IT professionals and highlights that organizations are facing low cybersecurity awareness among employees, which has increased over the past year. Additionally, 10% of organizations suffered a breach in the past 12 months, with 47% of breaches resulting from known security vulnerabilities. Phishing was the most common attack vector reported by 49% of respondents, and 54% of victims had their data encrypted by ransomware.

The lack of support from executive teams for cybersecurity initiatives was identified as the key threat to cyber resilience by IT teams. Many IT teams also face operational issues that leave no time for cybersecurity. Moreover, 30% of organizations take more than a month to detect known vulnerabilities, and 38% of organizations fail to prioritize security flaws. While 40% take more than a month to remediate known vulnerabilities, of them, 24% take more than three months. On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.

Alex Vovk, CEO and co-founder of Action1, has suggested that the gaps in the detection and prioritization stages of vulnerability management suggest the actual proportion of unpatched endpoints could be much higher. Organizations must ensure effective communication on all levels to eliminate these gaps, implement automation, and build cyber resilience. Otherwise, there could be another year of costly breaches.

The report emphasizes the need for organizations to prioritize cybersecurity and address the identified gaps in vulnerability management. Failure to do so could result in organizations becoming more susceptible to cyber threats. It is essential that companies take the necessary steps to implement automation and build cyber resilience to ensure the protection of their networks and data. ###


bottom of page