Skip to main content

Businesses are losing a massive amount of time to vulnerability prioritization

automation
(Image credit: Image Credit: MNBB Studio / Shutterstock)

By the time cybersecurity experts have prioritized cybersecurity alerts, and manually triaged less-important ones, they barely have any time left for real work, a new report from triage platform RankedRight suggests.

Based on a poll of 600 IT professionals in the UK and the US, the report states that manual triage takes an equivalent of four days a week to complete. As a result, businesses lose $63,474 per year in remediation labor costs.

Besides triage, prioritization has also become a vital factor. Almost all (96 percent) of companies said that prioritization is now an important or extremely important part of their vulnerability management program.

The prioritization process takes an average of seven hours per week, per 250 assets. With many enterprises having tens of thousands of assets, the numbers quickly pile up.

Perfect storm

The number of vulnerabilities has been steadily rising, and so has the sophistication of attack methods. With the holiday season upon us, businesses have their IT teams stretched even thinner, making cybersecurity a major challenge in the months ahead.

Together with the Great Resignation, a widening talent gap, and the increasing complexity of cybersecurity tools, there’s a perfect storm brewing that could result in devastating cybersecurity incidents. 

Businesses can no longer rely on manual processes for prioritization, says Thomas MacKenzie, CEO of RankedRight.

“As our research shows, prioritization is now key for every vulnerability management program but due to the ever-increasing number of threats, manual triage is no longer a viable solution. Teams need to spend more of their precious time and resources on remediation and by taking the manual triage off their plate, they can now do that.”

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.