- New Hackuity report reveals CVE overload driving burnout and breaches among security teams
- One in four organisations report a data breach as a result of vulnerability management
LYON, November 24th – Hackuity, the risk-based vulnerability management provider, today released new research revealing the mounting pressure on security teams as they struggle to keep pace with the rising number of CVEs (Common Vulnerabilities and Exposures).
The Vulnerability Management Report explores the challenges of vulnerability management and includes insights from 200 IT security decision-makers across the UK and APAC.
As the number of CVEs continues to rise, nearly half (46%) of respondents say that the volume has placed additional strain on their security teams’ resources, impacting not only organisational security but also staff wellbeing. One in four, 26%, admit this pressure has contributed to a data breach, while more than a third, 36%, report it resulted in a regulatory fine. Over a third (36%) also say it has delayed incident response, and 33% report missed security alerts as a result. In terms of the human impact, 38% report that it has led to burnout within the team.
Commenting on the findings, Sylvain Cortes, VP Strategy at Hackuity, said: “We know that teams are feeling the pressure right now – but what’s most concerning is the knock-on effect this is having on organisations and on the team’s well-being. From missed alerts to fines, there are real consequences at play when vulnerabilities aren’t managed in a way that’s making the best use of team’s time and expertise. The nonstop flood of alerts isn’t just stressful, it’s costly.”
The ability to process and manage vulnerabilities has become ever more critical. Whilst most organisations, 77%, report that they have formalised vulnerability remediation processes in place for identifying vulnerabilities, only 36% have a risk-based approach as the primary method, where vulnerabilities are prioritised based on asset criticality, exploitability and business impact.
It also seems that there is more work to do in moving vulnerability management (VM) higher up the agenda as 60% of respondents reported that it does not receive the same focus as other IT security projects.
Additional key findings from the report include:
- Critical Vulnerabilities take on average four weeks to remediate: The mean time to remediation (MTTR) for critical vulnerabilities is four weeks, on average. However, one in five organisations (21%) report that it can take between one and three months to remediate critical vulnerabilities.
- The barriers to VM: operational and budget constraints: Although respondents recognise the strain of vulnerability management, they are hindered by operational (43%) and budget (41%) constraints. The issue of staff and skills shortages also plays a part, with 29% of respondents citing lack of skills within the team and a quarter reporting that high staff turnover prevents them from making improvements to VM practices.
Sylvain Cortes continues: “Security leaders need to look at how they’re equipping their teams to make sure they can keep pace with the rising volume and complexity of vulnerabilities. Without context and intelligence around the alerts, they risk wasting valuable time and resources chasing down threats or missing alerts that could pose the greatest risk for their organisation.”
Download a copy of the report at this link: Hackuity Vulnerability Management Research
About Hackuity
80% of cyberattacks use a vulnerability published half a decade ago. Translation: either cybersec professionals don’t care (not true) or they can’t keep up on their own (it’s time we admit that). Fragmented teams, too many tools, and exploding vulnerabilities are a match made in heaven – for attackers.
Founded by experts from leading cybersecurity service providers, Hackuity reinvents Risk-Based Vulnerability Management (RBVM) to protect organisations worldwide:
- Aggregate 100+ market-leading tools into a single pane of glass.
- Prioritise vulnerabilities with our risk-based scoring algorithm.
- Automate remediation specific to your attack surface.
Integrate your ecosystem to help cybersec teams focus on what’s actually vulnerable – not on managing Excel spreadsheets. Hackuity’s platform breaks security silos and provides a unified view of your cyber exposure specific to your attack surface so that you can remediate the real threats, faster. In short, Hackuity is your VOC enabler.
Hackuity is the winner of PwC Luxembourg’s Cybersecurity & Privacy Solution of the Year – People’s Choice Award (2023), has received the EIC Seal of Excellence from the European Innovation Council, and is featured on Wavestone’s 2023 French Cybersecurity Scaleups Radar. Hackuity is a member of Campus Cyber and has also won the Government-led Grand Défi competition (2023, 2021), the Assises Innovation Award (2021), the FIC Startup Jury Award (2021), and the BPI Innovation Competition Award (2019). SOC 2 certified and IMDA accredited, Hackuity emerged from stealth and raised €12 million in 2022.
Media Contact:
Code Red Communications for Hackuity
Notes for Editors
Methodology
The results are from an online survey that Sapio Research fielded on behalf of Hackuity with IT security decision-makers in companies of over 1,000 employees across the UK (100) and APAC (Australia, Indonesia and Singapore; 100).
