Social media is the leading medium for successful scams at 34%, surpassing email (28%), phone calls (25%), text messages (24%), and online ads (21%) in 2025.

The publishing industry experienced 63% of AI bot triggers within the broader digital media industry in 2025.

Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.

Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.

35% of respondent organizations are not currently using their CI/CD pipelines for remediation but want to in 2025.

22% of respondent organizations are using their CI/CD pipelines to deliver fixes and remediations.

60% of respondents reported that fewer than 5% of vulnerabilities and misconfigurations recurred within a month of remediation in 2025.

35% of respondents cited rollbacks of patches as a cause of vulnerability recurrence.

91% of respondents agreed or strongly agreed that their organization is improving in its ability to remediate vulnerabilities in 2025, according to a survey of respondents.

1% of respondents reported being 'not at all confident' in their organization's ability to remediate known vulnerabilities in a timely manner.

4% of organizations took more than 15 days to remediate critical vulnerabilities in 2025.

Companies that experience tool sprawl report 51% lower remediation confidence compared to those who did not experience tool sprawl in 2025.

Tool sprawl reduces confidence in remediation by 51% in 2025.

28% of organizations report that IT operations is primarily responsible for remediating vulnerabilities and misconfigurations reported by security.

42% of IT and security professionals reported working in both IT operations and security in 2025, according to a survey of 125 respondents

52% report on their remediation efforts ‘quarterly’, ‘rarely’, or ‘never’ in 2025, while only 18% run weekly reports.

26% of respondents stated that the recurrence of vulnerabilities and misconfigurations was between 6% and 10% within a month of remediation in 2025.

44% of security and IT operators indicated that auto-creating tickets with all relevant information would improve remediation in 2025.

18% of organizations surveyed reported tracking and reporting their remediation efforts on a weekly basis while 30% reported doing so monthly.

39% of respondents reported not using a vulnerability remediation tracking tool in 2025, relying instead on manual tracking using spreadsheets.