Skip to content

Majority of Cyberattacks Exploit Known, Neglected Vulnerabilities

The Bottom Line: 84 percent of cyberattacks exploit already-known but deprioritized vulnerabilities — the core problem lies in slow remediation, not lack of visibility.

A global study by Filigran and Vanson Bourne of 550 IT security experts shows: 84 percent of cyberattacks target known vulnerabilities to which organizations have not assigned priority. The central problem is not insufficient transparency, but the lack of speed in implementing remediation measures.

The Filigran study reveals a structural gap in threat intelligence: Although security teams use an average of 14 different threat intelligence data streams, 61 percent of surveyed organizations cannot determine which vulnerabilities are actually exploitable in real-world attacks. This leads to massive resource misallocation — globally, security teams spend 42 percent of their work time analyzing risks with low or no practical relevance. Only 41 percent of organizations have a consolidated overview of their entire cyber risk exposure.

German organizations stand out through automation: 58 percent already employ continuous, fully automated validation processes, compared to the global average of 38 percent. This advantage has concrete effects — German security teams spend only 27 percent of their time on irrelevant vulnerability analysis, and 54 percent of surveyed teams in Germany have a consolidated view of their security risks. Nevertheless, German teams report operational bottlenecks: alert fatigue, manual data integration from fragmented sources, and shortage of skilled personnel remain central challenges.

The industry is planning massive AI deployment to manage the volume of risks. Currently, 37 percent of continuous threat management processes are AI-enabled; study participants expect this share to rise to 59 percent within two years. 88 percent of all respondents view stronger automation as essential. The greatest implementation barriers are concerns about system failures in production environments, high manual effort, and lack of integration into existing processes.


Source: www.it-daily.net · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: