In the last year, cybersecurity spending rose by 24 percent, but cyberattacks increased by 17 percent, according to a report from ServiceNow released Oct. 29.
In addition to an increase in attacks, the report found that there was a nearly 27 percent increase in the severity of attacks from 2018 to 2019. In response to the growing number of attacks, respondents zeroed in on their struggles with patching vulnerabilities.
ServiceNow, which partnered with the Ponemon Institute for report, found that while the increased cyber spending was used to strengthen an organization’s prevention, detection, and remediation resources, 60 percent of the breaches in 2019 “involved vulnerabilities where available patches were not applied.”
Compared to 2018, organizations have increased their weekly costs on patching by 34 percent. However, organizations also experienced 30 percent more downtime due to delays in patching vulnerabilities. The report further explained that patching is delayed an average of 12 days and blamed the delay on data silos and poor organizational coordination. Concerningly, when it comes to the “most critical vulnerabilities” patching is delayed by 16 days on average.
Seventy-four percent of respondents said one of the primary drivers of the delay in patching is they cannot take critical apps and systems offline to speed up the patching process. The vast majority (72 percent) said they find it difficult to prioritize what needs to be patched immediately.
In response to their patching issues, 69 percent of respondents report that their organizations plan to hire on average five new staff members dedicated to patching in the next year – a move that will cost on average $650,000 annually for each organization.
For its report, ServiceNow surveyed 3,000 cybersecurity professionals in nine countries, including the United States, France, Germany, and the United Kingdom.