Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).

Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.

Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.

29% of SaaS incidents resulted from misconfigurations.

Open-source risks and cloud misconfigurations followed supply chain vulnerabilities closely at 73%.

The top device misconfigurations include: Out-of-date OS (29.5%), No device lock (12%), No encryption (3.3%).

The top device misconfigurations include: Out-of-date OS (29.5%), No device lock (12%), No encryption (3.3%).

77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks

45% of all vulnerabilities detected were SSL misconfigurations, but this percentage dropped to 33.5% by mid-2024.