HOUSTON — Action1 Corp. released its 2023 State of Vulnerability Remediation Report. Based on feedback from 804 IT professionals, the report reveals critical gaps in vulnerability management within organizations, which are being overlooked by executive leadership teams despite high-profile breaches and increased emphasis on cybersecurity from the authorities. These gaps leave organizations vulnerable to cyber threats.

Key findings

  • Time to combat low cybersecurity awareness among employees has increased over the past year.
  • About 10% of organizations suffered a breach over the past 12 months, with 47% of breaches resulting from known security vulnerabilities. Phishing was the most common attack vector, reported by 49% of respondents, and 54% of victims had their data encrypted by ransomware.
  • IT teams rank the lack of support from the executive team for cybersecurity initiatives as the key threat to cyber resilience. Many IT teams also face operational issues that leave no time for cybersecurity.
  • Almost a third (30%) of organizations take more than a month to detect known vulnerabilities.
  • Approximately 38% of organizations fail to prioritize security flaws, while 40% take more than a month to remediate known vulnerabilities (of them, 24% take more than three months).
  • On average, 20% of endpoints remain continuously unpatched due to laptop shutdowns or update errors.

“The gaps in the detection and prioritization stages of vulnerability management suggest the actual proportion of unpatched endpoints could be much higher,” said Alex Vovk, CEO and co-founder of Action1. “Organizations must ensure effective communication on all levels to eliminate these gaps, implement automation, and build cyber resilience. Otherwise, we risk another year of costly breaches.”