68 percent of organizations don't fix critical vulnerabilities on time

A newly-released report from Swimlane shows that a worrying 68 percent of organizations say remediating a critical vulnerability takes them more than 24 hours.

The survey of 500 cybersecurity decision-makers across the US and UK reveals that 37 percent cite the top challenge in prioritization as a lack of context or accurate information. Similarly, 35 percent report this lack of context hampers their remediation efforts.

"The growing complexity of vulnerability management is pushing organizations to rethink how they approach organization-wide security, risk and compliance strategies," says Michael Lyborg, CISO at Swimlane. "It's no longer just about patching vulnerabilities -- it's about prioritizing the ones that matter most to your operations. With businesses losing an estimated $47,580 per employee each year due to manual tasks, organizations can no longer afford to operate in the reactive mode of the past."

Over half (55 percent) of organizations still lack a comprehensive system for vulnerability prioritization. While 45 percent use a hybrid approach combining manual and automated processes, many rely on tools like cloud security posture management (71 percent), multiple endpoint scanners (60 percent), and web application scanners (59 percent) for vulnerability detection.

Significant resources are spent on manual efforts too, with 57 percent of security teams dedicating 25–50 percent of their time to vulnerability management operations. More than half (55 percent) spend over five hours weekly consolidating and normalizing vulnerability data, while 51 percent note the limited utility of scanner results, necessitating additional tools and processes.

In addition 65 percent of organizations say they lack confidence in their vulnerability management programs' ability to meet regulatory audit requirements. Meanwhile, 73 percent express concern over potential fines tied to inadequate vulnerability management practices.

"Smarter prioritization and automation are no longer optional -- they are essential to reducing vulnerabilities, preventing breaches and ensuring continuous compliance," says Cody Cornell, co-founder and chief strategy officer of Swimlane. "By blending intelligent automation with human expertise, vulnerability management teams gain the clarity they need to act decisively. Centralizing data and responding in real-time isn't a luxury -- it's a business imperative that minimizes risk and frees up time to focus on the next challenge."

The full report is available on the Swimlane site.

Image credit: Rawpixel/depositphotos.com