- Research shows that nearly 70% of organizations leave critical vulnerabilities unaddressed for 24 hours or more
- Addressing vulnerability fog is a major challenge as AI promises to make it easier for criminals to identify targets
- Zero-day and unpatched legacy vulnerabilities remain a major cause of cybercriminal proliferation
Over two-thirds (68%) of organizations spend more than 24 hours addressing critical vulnerabilities, according to new research that urges companies to up their game when it comes to managing threats.
A study by Swimlane highlighted how vulnerabilities continue to pose a significant risk to organizations, exposing them to data breaches, regulatory sanctions and operational disruptions.
And the longer these vulnerabilities remain unaddressed, the greater the risk of exploitation, yet many teams struggle with inefficiencies that waste valuable time.
The challenge of vulnerability prioritization
Lack of accurate context was cited by 37% of respondents as a major obstacle to prioritizing threats, and 35% considered incomplete information a major culprit.
While 45% of organizations were found to employ a mix of manual and automated processes, the tools they rely on, such as cloud security posture management, endpoint protection and web application scanners, are often unable to handle the scale and speed of new threats.
Manual processes also pose a challenge, consuming up to 50% of employee time on vulnerability management tasks. Over half of the workers surveyed reported spending more than five hours each week consolidating and normalizing data from various sources.
Businesses lose an estimated $47,580 per employee each year due to manual tasks, noted Michael Lyborg, CISO at Swimlane. This heavy reliance on manual effort not only delays response times but also diverts attention from more strategic cybersecurity initiatives.
Despite these challenges, the report reveals that many organizations simply lack effective vulnerability management programs, with 73% of respondents expressing concern about being penalized for inadequate practices.
“Smarter prioritization and automation are no longer optional – they are critical to reducing vulnerabilities, preventing breaches and ensuring continuous compliance,” said Cody Cornell, Swimlane’s co-founder and Chief Strategy Officer.
“By blending intelligent automation with human expertise, vulnerability management teams get the clarity they need to act decisively,” he added.
“Centralizing data and responding in real time is not a luxury – it’s a business necessity that minimizes risk and frees up time to focus on the next challenge.”