Endpoint Cybersecurity Software Fails to Shield One in Five Enterprise Devices, Research Reveals
A recent study conducted by Absolute Security has unveiled a troubling reality within the realm of enterprise cybersecurity: one in five devices remains inadequately protected against cyber threats. This significant protection gap places organizations at heightened risk, with potential consequences including data breaches and operational disruptions. According to Absolute Security’s 2026 Resilience Risk Index, the ramifications of this vulnerability equate to a staggering 76 days annually, during which enterprises inadvertently afford cybercriminals greater access to their networks.
The report, published on March 23, analyzes vast amounts of device-level telemetry collected from tens of millions of enterprise endpoints verified to incorporate endpoint management and cybersecurity measures. These insights come at a crucial time when the cybersecurity landscape is increasingly complex and fraught with challenges.
Christy Wyatt, who serves as president and CEO of Absolute Security, expressed concern regarding the state of cybersecurity, stating, “Cyber-attacks are inevitable; downtime is optional.” She emphasized that while the industry has rapidly advanced in developing innovative solutions to detect and thwart threats, it has lagged in ensuring these tools remain functional and effective when they are needed most.
The Pitfalls of Slow Patch Management
The study highlights that the challenges faced by organizations are not due to a singular issue but rather stem from the escalating complexity of enterprise IT environments. A notable finding is the consistent delays in implementing security patches and software updates. Alarmingly, nearly a quarter (24%) of endpoint vulnerability management platforms were operating outside of compliance standards, reflecting an increase from 20% in the previous year.
This delay in remediation means that a growing proportion of enterprise endpoints are utilizing software that is known to have vulnerabilities, leaving organizations exposed to potential security breaches. As these systems remain unupdated, the window of exploitation for cybercriminals expands, allowing them greater opportunity to exploit known weaknesses.
The issues with patch management extend to operating systems, with Absolute’s analysis revealing an average delay of 127 days in applying critical updates for Microsoft Windows. Such delays leave devices vulnerable to downtime caused by zero-day vulnerabilities and other forms of cyber-attacks, raising alarm bells for cybersecurity professionals.
Moreover, the report underscores a significant concern: nearly 10% of enterprise endpoints are permanently unpatched. These unresolved vulnerabilities potentially place organizations in a position where they may never completely remediate the security issues, particularly if they continue to utilize outdated software such as Windows 10, which has not received support since October 2025.
Struggles in Cybersecurity Posture Management
Many organizations find themselves grappling with effectively managing their cybersecurity posture. This inability not only exposes them to cyber threats but also places them at a disadvantage when it comes to operational efficiency and the costs associated with downtime and remediation processes.
Nevertheless, the report indicates that proactive enforcement of patch management policies, especially concerning enterprise security solutions and operating systems, could significantly bolster network defenses against cyber threats. It indicates that organized efforts to streamline patch management can mitigate vulnerabilities and reduce the risk of attacks.
In the complexity of modern enterprise environments, the fundamental question has shifted. It is no longer enough for organizations to simply ensure systems are patched. They must also possess the capability to implement necessary changes across millions of endpoints swiftly—preventing potential exposure from turning into significant disruptions. This challenge takes on increasing urgency as the role of endpoints continues to evolve, reflecting the growing interconnectedness of devices in the enterprise sphere.
A Call to Action for Organizations
In light of these findings, it is imperative for organizations to reassess their approach to cybersecurity. The research by Absolute Security serves as a wake-up call, urging businesses to prioritize their cybersecurity strategies by enhancing patch management practices and ensuring they are equipped to combat evolving cyber threats.
Organizations must not neglect the importance of maintaining updated systems to safeguard their sensitive data and avoid catastrophic breaches. By increasing awareness and implementing rigorous policies for patch management, enterprises can take significant strides toward fortifying their defenses against the ever-present threat of cyber-attacks.