- Survey finds nearly 70% of orgs leave critical vulnerabilities unresolved for 24 hours or more
- Managing vulnerability fog is a major challenge, as AI promises to make it easier for criminals to identify targets
- Zero-day and unpatched legacy vulnerabilities remain a major cause of cybercriminal proliferation
Over two-thirds (68%) of organizations take more than 24 hours to address critical vulnerabilities, new research has found, urging companies to up their game when it comes to dealing with threats.
A survey conducted by Swimlane highlighted how vulnerabilities remain a significant danger to organizations; exposing them to data breaches, regulatory penalties, and operational disruptions.
And the longer these vulnerabilities remain unaddressed, the greater the risk of exploitation, yet many teams struggle with inefficiencies that waste valuable time.
The challenge of vulnerability prioritization
Lack of accurate context was cited by 37% of respondents as a major obstacle to prioritizing threats and 35% considered incomplete information as a major culprit.
While 45% of organizations were found to employ a mix of manual and automated processes, the tools they rely on such as cloud security posture management, endpoint protection, and web application scanners often fall short of addressing the scale and speed of emerging threats.
Manual processes also pose a challenge, consuming up to 50% of workers’ time on vulnerability management tasks. Over half of workers surveyed reported spending more than five hours each week consolidating and normalizing data from various sources.
Businesses lose an estimated $47,580 per employee each year due to manual tasks, noted Michael Lyborg, CISO at Swimlane, and this heavy reliance on manual effort not only slows response times but also diverts attention from more strategic cybersecurity initiatives.
Despite these challenges, the report does reveal that many organizations simply lack effective vulnerability management programs, with 73% of respondents expressing concerns about facing penalties for inadequate practices.
“Smarter prioritization and automation are no longer optional — they are essential to reducing vulnerabilities, preventing breaches and ensuring continuous compliance,” said Cody Cornell, Swimlane’s Co-Founder and Chief Strategy Officer.
“By blending intelligent automation with human expertise, vulnerability management teams gain the clarity they need to act decisively,” he added.
“Centralizing data and responding in real-time isn’t a luxury — it’s a business imperative that minimizes risk and frees up time to focus on the next challenge.”
