A recent report on organizations’ response to vulnerabilities discovered through pentesting has revealed some concerning trends. Despite nearly all firms acknowledging the importance of pentesting, only about half of the identified issues are actually being addressed. While serious findings are resolved at a rate of 69%, the majority of flaws remain unpatched, indicating a significant gap in security measures.
The data further shows that larger organizations take longer to address serious vulnerabilities than their smaller counterparts. The median time to resolve issues stands at 67 days, well beyond the two-week service level agreement (SLA) typically expected. This delay in addressing critical issues poses a significant risk to the security of these organizations and their data.
The rise of GenAI LLM web applications has presented new challenges for security teams, with 32% of pentests on these apps uncovering serious vulnerabilities. Despite this, only 21% of these vulnerabilities have been remediated, raising concerns among security leaders about the risks associated with AI technologies. Threats such as prompt injection, model manipulation, and data leakage are at the forefront of these concerns, yet only a fraction of firms feel equipped to handle these security implications effectively.
Security leaders are under increasing pressure to prioritize speed over security, with many reporting that they are being asked to trade security for expediency. This pressure contributes to delays in addressing vulnerabilities, with a significant number of findings remaining unresolved even after a month. Shockingly, 60% of issues persist after one year, and 45% remain open after five years, leaving organizations exposed to long-term risk.
Despite these challenges, experts such as Gunter Ollmann, CTO of Cobalt, emphasize the importance of regular pentesting to proactively identify and address vulnerabilities before they can be exploited by cybercriminals. Organizations that adopt an offensive security approach, including regular pentesting, are better equipped to strengthen their defenses and build trust with their customers. As the adoption of AI technologies continues to rise, securing the digital landscape has never been more critical.
In conclusion, the findings of the report underscore the need for organizations to prioritize cybersecurity and invest in efficient security processes with faster remediation timelines. By taking proactive measures to identify and address vulnerabilities, businesses can minimize their exposure to risks and safeguard their data and operations in an increasingly complex and threat-prone digital landscape.