Survey Finds 76% of Companies Impacted by IT Vulnerabilities

In a survey of enterprise IT security executives, 76% of respondents indicated IT vulnerabilities had impacted their business in the last year.

Rhett | July 29, 2021

TEL AVIV, Israel — July 29, 2021 — Vulcan Cyber®, developers of the industry’s only risk-based remediation platform for infrastructure, application and cloud security, today announced the latest results of its ongoing research into cyber risk remediation initiatives and risk impact on business operations. In a survey of enterprise IT security executives, 76% of respondents indicated that IT vulnerabilities had impacted their business in the last year. These findings underscore the pervasive impact security vulnerabilities continue to have on business, as well as the ineffectiveness of traditional approaches to vulnerability management.

Conducted by Pulse, the latest Vulcan Cyber vulnerability remediation survey examines the effectiveness of risk and vulnerability management programs in enterprises today and their impact on cyber hygiene. According to the results, a majority of respondents, 52%, report their organization places only a moderate level of importance on risk-based vulnerability management, compared to 33% who consider risk-based vulnerability management very important. 

“There is a clear and widening gap between enterprise vulnerability management programs and the ability of IT security teams to actually mitigate risk facing their organizations,” said Yaniv Bar-Dayan, CEO and co-founder, Vulcan Cyber. “As security vulnerabilities proliferate across digital surfaces, it’s increasingly critical that all enterprise IT security stakeholders make meaningful changes to their cyber hygiene efforts. This should include prioritizing risk-based cybersecurity efforts, increasing collaboration between security and IT teams, updating vulnerability management tooling, and enhancing enterprise risk analytics, particularly in businesses with advanced cloud application programs.”

Other key findings from the Vulcan Cyber survey include:

  • The majority of respondents reported average vulnerability dwell times of more than one day (46%) with a significant number of respondents (31%) reporting dwell times of more than a week.
  • Among the vulnerability scanners used by IT security teams for infrastructure scanning, Qualys is the most popular, followed by Crowdstrike and AWS Inspector, then,, Palo Alto Networks Prisma Cloud, Rapid7 InsightVM, Rapid7 Nexpose, Orca, and Aqua Security, in descending order.
  • Palo Alto Networks Prisma Cloud is the most popular vulnerability scanner used for applications, followed by Tenable WAS, Rapid7 InsightAppSec, Qualys WAS, Snyk, WhiteHat, Veracode, Micro Focus Fortify, HCL AppScan, WhiteSource, Burp Suite, and Checkmarx, in descending order.
  • Overall, 76% of respondents use the same prioritization (risk analytics) model for both infrastructure and application security.
  • The majority of respondents (30%) evaluate cyber risk using external, technically oriented models such as ATT&CK in contrast to external, business-oriented models like FAIR (20%). 27% of respondents use a bespoke, home-grown scoring model.

For the complete results of the Vulcan Cyber cyber risk management survey, download the whitepaper, “How Do Businesses Mitigate Cyber Risk?” 

Fix IT vulnerabilities now

For more information about Vulcan Cyber, please visit to request a demo or try Remedy Cloud today. In addition, Vulcan Free is now available as the industry’s only free vulnerability prioritization tool. Apply for Vulcan Free access today.

About Vulcan Cyber

Vulcan Cyber has developed the industry’s first risk-based remediation  platform, built to help businesses reduce cyber risk through measurable and efficient infrastructure, cloud and application security programs. The Vulcan platform orchestrates and tracks the remediation lifecycle from scan to fix by prioritizing vulnerabilities, curating and delivering the best remedies, and automating processes and fixes through the last mile of remediation. Vulcan Cyber helps IT security teams collaborate and “get fix done” at scale. Vulcan Cyber is proud to offer Remedy Cloud and Vulcan Free as freemium SaaS solutions for businesses of all sizes. The unique capability of the Vulcan Cyber platform has garnered Vulcan Cyber recognition as a 2019 Gartner Cool Vendor and as a 2020 RSA Conference Innovation Sandbox finalist.

Media contact

Dex Polizzi
Lumina Communications on behalf of Vulcan Cyber
vulcan at luminapr dot com 

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy