INFOGRAPHIC
INFOGRAPHIC
ServiceNow research shows
that security breaches
increased in 2019
S
erviceNow, a leading digital workflow
company making work, work
better for people, has released its
second sponsored study on cybersecurity
vulnerability and patch management,
conducted with the Ponemon Institute.
The study, Costs and Consequences of Gaps
in Vulnerability Response, found that despite
a 24% average increase in annual spending
on prevention, detection and remediation
in 2019 compared with 2018, patching is
delayed an average of 12 days due to data
silos and poor organisational coordination.
Looking specifically at the most critical
vulnerabilities, the average timeline to patch
is 16 days.
At the same time, the risk is increasing.
According to the findings, there was a 17%
increase in cyberattacks over the past year,
and 60% of breaches were linked to a
vulnerability where a patch was available,
but not applied.
The study surveyed almost 3,000
security professionals to understand
how organisations are responding to
vulnerabilities. In this report, ServiceNow
presents the consolidated findings and
comparisons to its 2018 study, Today’s
State of Vulnerability Response: Patch Work
Requires Attention.
The survey results reinforce a need
for organisations to prioritise more
effective and efficient security
vulnerability management:
• 34% increase in weekly costs spent on
patching compared to 2018
• 30% more downtime vs. 2018, due to
delays in patching vulnerabilities
• 69% of respondents plan to hire an
average of five staff members dedicated
to patching in the next year, at an
average cost of US$650,000 annually for
each organisation
22
INTELLIGENTCIO
• 88% of respondents said they must
engage with other departments across
their organisations, which results in
coordination issues that delay patching
by an average of 12 days
The findings also indicate
a persistent cybercriminal
environment, underscoring the
need to act quickly:
• 17% increase in the volume of
cyberattacks in the last 12 months
compared to the same timeframe
in 2018
• Nearly 27% increase in cyberattack
severity compared to 2018
The report points to other factors
beyond staffing that contribute to
delays in vulnerability patching:
• 76% of respondents noted the lack of a
common view of applications and assets
across security and IT teams
• 74% of respondents said they cannot
take critical applications and systems
offline to patch them quickly
• 72% of respondents said it is difficult to
prioritise what needs to be patched
According to the findings, automation
delivers a significant payoff in terms
of being able to respond quickly and
effectively to vulnerabilities. Four in five
(80%) of respondents who employ
automation techniques say they respond
to vulnerabilities in a shorter timeframe
through automation.
“This study shows the vulnerability gap that
has been a growing pain point for CIOs
and CISOs,” said Sean Convery, General
Manager, ServiceNow Security and Risk.
“Companies saw a 30% increase in
downtime due to patching of vulnerabilities,
which hurts customers, employees and
brands. Many organisations have the
motivation to address this challenge
but struggle to effectively leverage their
resources for more impactful vulnerability
management. Teams that invest in
automation and maturing their IT and
security team interactions will strengthen the
security posture across their organisations.”
ServiceNow Security Operations
Vulnerability Response is part of ServiceNow
Security Operations, a security orchestration,
automation and response engine built on
the Now Platform.
Designed to help security teams respond
faster and more efficiently to incidents
and vulnerabilities, Security Operations
uses intelligent workflows, automation and
a deep connection with IT to streamline
security response. n
“
THERE WAS A
17% INCREASE IN
CYBERATTACKS
OVER THE PAST
YEAR, AND 60%
OF BREACHES
WERE LINKED TO
A VULNERABILITY
WHERE A PATCH
WAS AVAILABLE,
BUT NOT APPLIED.
www.intelligentcio.com