Average Time to Remediation Hits 205 Days


According to a report from NTT | Application Security, the average time it takes for vulnerability management teams to remediate cybersecurity vulnerabilities has increased to 205 days. This implies that vulnerability management and patch management don’t receive the support required for effective security hygiene on a systemic level even in the face of the numerous security breaches that have become a mainstay in the global news.

The report shows that organizations across the utilities and manufacturing sectors have lackluster cybersecurity and patch management, with more than 60% of applications containing vulnerabilities that remain unmitigated for over a year. Though, it should be noted that a small number of applications had an average window of exposure of less than 30 days. This implies that only known critical vulnerabilities are addressed within a month’s time, while the rest are allowed to linger according to Setu Kulkarni, vice president at NTT | Application Security.

Mean Time to Remediation (MTTR) is a useful metric to determine the effectiveness of your organization’s cybersecurity posture. When it comes to different sectors, MTTR varies. Per the Appsec Stats Flash Vol. 7 written by Kobayshi Maru, Window of Exposure (an aggregate of organization specific MTTR), “the amount of time that an application has a serious vulnerability that can be exploited by data breaches,” indicates that Education, Manufacturing, and Retail “suffer more” than other industries – ones that seem to have much more oversight – like Finance and Agriculture.

The Impact

With the meteoric increase of remote workers, utilized applications and endpoints within the last 20 months, it’s safe to assume that effective patch management and vulnerability management will become necessary focuses of successful businesses. Given the increase in avoidable security breaches across the globe, it pays to invest in a competent IT and CyberSec arm to identify vulnerabilities and implement patches, or mitigate the potential issues of vulnerabilities that don’t yet have a feasible patch.

To be competitive, organizations must adapt and seek out vulnerabilities before they become security breaches that lead to financial penalties and the loss of client confidence. Strengthening your organization’s security posture requires a wholistic approach. An organization cannot just implement the “best” tech without understanding your organization’s needs, just the same that an organization cannot only increase IT hiring or employee education.

To effectively harden one’s cybersecurity posture, an organization needs to frequently and regularly audit its vulnerability management policies and work to mitigate threats based on priority.

A Solution

Many IT and CyberSec teams don’t have the work hours to get a leg up on vulnerability mitigation and the patch cycle. One can multiply your team’s efficiency by using a vulnerability management platform that automates and streamlines the tedious projects that weigh down any team’s workflow.

TOPIA is an all-in-one solution that identifies and prioritizes vulnerabilities, automates and simplifies patch implementation, and tailors itself to your organizations needs. TOPIA empowers your teams to focus on the tasks that move the organization forward by allowing your CyberSec teams to create routines and preempt or isolate unknown and unpatchable vulnerabilities.


Photo by Roman Kraft on Unsplash

Written by Kent Weigle

Leave a Reply


    See all

    Related Post

    Strong Cyber Hygiene is only One Click Away

    Want to take TOPIA for a free ride? Schedule A Meeting with our 🐺team!

    Let us know what would like to see 😀