Costs and Consequences of Gaps in Vulnerability Response

Free

Company Name : ServiceNow

The study found that despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data silos and poor organizational coordination.

Description

Ponemon Institute is pleased to present the findings of the second study on vulnerability and patch management. As shown in this research, the severity and volume of cyberattacks are increasing. However, most organizations are not comparably enhancing their abilities to prevent hackers from exploiting attack vectors. In fact, it’s taking longer to detect and longer to patch critical vulnerabilities than last year. The cost and consequences of this failure are myriad. Thirty-nine percent of respondents say their organizations were aware that actual breaches were linked to known vulnerabilities, an increase from 34 respondents in last year’s study. This indicates that more focus should be paid to vulnerability response for business-critical assets. On the upside, organizations that are using automation are getting better at patching.

With sponsorship from ServiceNow, Ponemon Institute surveyed almost 3,000 IT security professionals in the United States, United Kingdom, Germany, France, Netherlands, Australia/New Zealand, Singapore and Japan to understand how organizations are responding to vulnerabilities. In this report, we present the consolidated findings and comparisons to the 2018 study.

According to the findings, organizations seem to be keeping to the status quo in their approaches to patching. As a consequence, they are not achieving significant improvements in their ability to quickly detect and patch vulnerabilities and keep ahead of the attackers. Respondents were asked to rate their organizations’ ability to quickly detect vulnerabilities, prevent threats and patch vulnerabilities in a timely manner on a scale from 1 = low ability to 10 = high ability. This year, 50 percent of respondents rate their detection capabilities as very high and only 44 percent say they have a high ability to patch in a timely manner, a very slight increase from last year’s research.
