Strong SLAs critical for vulnerability management

A new report from crowdsourced security company Intigriti highlights the need for strong cybersecurity practices and service-level agreements (SLAs) for vulnerability management.

Globally, 75 percent of businesses fail to respond to critical vulnerabilities within 24 hours, consequences of which could include customer dissatisfaction, loss of business, and reputational damage.

In the UK, 29 percent respond within 24 hours compared to 20 percent in the US. It's also the case that more UK respondents (82 percent) aim to resolve a critical to exceptional vulnerability within 15 days compared to the US (69 percent). The UK is faster at disclosure too, with 73 percent disclosing a vulnerability within 15 days versus 66 percent in the US.

The report also shows 52 percent of companies skip consulting their executive leadership when facing critical vulnerabilities, and only 44 percent involve legal and risk management teams. 36 percent don’t consult IT infrastructure teams, missing out on the expertise of network engineers, system administrators, and application developers. These professionals could help speed up the mitigation process, as they may have written the code from which the vulnerability arose.

In addition 43 percent of organizations fail to conduct regular cost-benefit analyses to weigh up vulnerability remediation expenses against the costs of a data breach. The US outperforms the UK in this area, with 65 percent of organizations conducting analysis regularly compared to 47 percent in the UK.

There are also big reporting gaps, 66 percent of US respondents automate tracking and reporting on compliance with disclosure SLAs for contracted vendors, compared to just 32 percent in the UK. Nearly half (49 percent) of UK respondents rely on manual reporting.

Stijn Jans, CEO and founder at Intigriti, says, "At Intigriti, we understand the immense pressure on cybersecurity leaders to defend against a rapidly evolving threat landscape with limited resources. Still, failing to plan is planning to fail, which is why SLAs are so crucial for protecting against cyber threats. Our report provides clear and actionable standards for performance and accountability, giving businesses a competitive edge in the process. By equipping security teams with tools and knowledge, we can turn vulnerabilities into victories. Collectively, we can ensure a safer digital future for all -- but there's no time left to waste."

You can get the full report from the Intigriti site.

Image credit: Dzmitry Dzemidovich/Dreamstime.com