79% of defense contractors lack vulnerability management solutions.

Organisations detect an average of 17 vulnerabilities in their cloud environments per week.

46% of organisations still struggle with cloud vulnerability management.

67% of organisations conduct cloud vulnerability assessments monthly or more frequently.

96% of organisations conduct regular cloud vulnerability assessments.

Top challenges in managing cloud vulnerabilities include Budget constraints (35%), Integrating vulnerability management with existing workflows (34%), and Lack of skilled personnel (32%).

74% of respondents identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.

34% of respondents report seeing significant improvements in vulnerability response time due to automation.

Median time to resolve issues of all criticalities stretches to 67 days.

69% of the highest-risk (serious) vulnerabilities are resolved.

Since 2017, the median time to resolve serious vulnerabilities has decreased dramatically—from 112 days down to 37 days last year.

This represents a cut of 75 days, or two-thirds.

Less than half (48%) of vulnerabilities are remediated.

46% of companies commit to fix critical vulnerabilities within just three days.

The top use case where security leaders say AI will offer most value is vulnerability and risk management, named by 74% of respondents

39% of firms are using AI to solve data overload problems that stymie vulnerability and exposure management work

The top five vulnerability management problems they’re actively trying to solve with AI today were: false positives (49%), overload of data (39%), reliance on manual processes (33%), disparate results from scanning tools (31%), and false negatives (31%)

46% of firms say that they’re actively trying to use AI to solve false positive issues