Report reveals critical role of cybersecurity practices and SLAs in vulnerability management

75% of US and UK firms fail to respond to critical vulnerabilities within 24 hours.

  • Friday, 12th July 2024 Posted 6 months ago in by Phil Alsop

Intigriti has published Sharpening SLAs for Vulnerability Management, a new report highlighting the need for strong cybersecurity practices and service-level agreements (SLAs) for vulnerability management. This report combines qualitative and quantitative research, featuring insights from 250 infosecurity professionals—including CIOs, CTOs, security analysts, and engineers—across 12 industries in the UK and the US.

The UK demonstrates a more rapid response and remediation rate for critical vulnerabilities, suggesting a more proactive and efficient approach to cybersecurity threats. Conversely, the US excels in automation, vendor collaboration, and conducting thorough cost-benefit analyses, indicating a more strategic and comprehensive approach.

Key findings include:

Vulnerability management challenges and regional differences

Initial acknowledgment: Globally, 75% of businesses fail to respond to critical vulnerabilities within 24 hours—consequences could include customer dissatisfaction, loss of business, and reputational damage

In the UK, 29% respond within 24 hours compared to 20% in the US

Mitigation: More UK respondents (82%) aim to resolve a critical to exceptional vulnerability within 15 days compared to the US (69%)—a promising start, but more organisations should aim for this target

Disclosure: The UK is also faster at disclosure, with 73% disclosing a vulnerability within 15 days versus 66% in the US

Stakeholder consultation when assessing critical vulnerabilities

Over half (52%) of companies skip consulting their executive leadership when facing critical vulnerabilities, and only 44% involve legal and risk management teams. This oversight is concerning, as regulatory bodies must be informed about such vulnerabilities.

Additionally, 36% don’t consult IT infrastructure teams, missing out on the expertise of network engineers, system administrators, and application developers. These professionals could help speed up the mitigation process, as they may have written the code from which the vulnerability arose.

Supply chain relationships and cost-benefit tracking

43% of organisations fail to conduct regular cost-benefit analyses to weigh up vulnerability remediation expenses against the costs of a data breach. The US outperforms the UK in this area, with 65% of organisations conducting analysis regularly (i.e. annually) compared to 47% in the UK. Such analysis is crucial for ensuring safety and justifying cybersecurity investments.

There are also big reporting gaps: two-thirds (66%) of US respondents automate tracking and reporting on compliance with disclosure SLAs for contracted vendors, compared to just 32% in the UK. Nearly half (49%) of UK respondents rely on manual reporting.

Building trust with transparency

More positively, 88% of respondents share SLAs—66% with external stakeholders. The remaining 12% cite compliance concerns (6%), minimizing PR issues (5%), and withholding knowledge from competitors (4%) as reasons not to share SLAs. Taking a more proactive cybersecurity stance is itself a competitive advantage and fosters trust with customers and new business prospects, so these fears are misguided.

Commenting on this news, Stijn Jans—CEO and Founder at Intigriti—said: “At Intigriti, we understand the immense pressure on cybersecurity leaders to defend against a rapidly evolving threat landscape with limited resources. Still, failing to plan is planning to fail, which is why SLAs are so crucial for protecting against cyber threats. Our report provides clear and actionable standards for performance and accountability, giving businesses a competitive edge in the process. By equipping security teams with tools and knowledge, we can turn vulnerabilities into victories. Collectively, we can ensure a safer digital future for all—but there’s no time left to waste.”

Thankfully, cybersecurity budgets are increasing, with Gartner predicting a 14.3% rise in global security and risk management spending—reflecting the need to address expanding attack surfaces and comply with new regulations. As well as new research, the report outlines the diary of a disclosure, illustrating the journey to an effective response. Key takeaways include:

More urgency is needed for the initial response to vulnerability reports

Structured and measurable actions are vital for protecting against evolving cyber threats

Ethical hackers can help security teams detect vulnerabilities faster

Protective measures against cyber criminals must be equally dynamic and robust 

Large businesses double down on AI investments

Posted 6 hours ago by Phil Alsop
Large businesses, particularly those with revenues exceeding $500 million are making substantial investments in artificial intelligence, according to...
Despite two years’ prep time and sufficient organisational awareness and budget, 43% won’t be compliant for at least three months.

The processor market’s role in next-gen technologies

Posted 16 hours ago by Phil Alsop
The world of digital infrastructure is evolving rapidly, with innovations in computing power and processing capabilities driving advancements across...
Sixty-one percent of respondents expect their organization’s cloud-based storage – underpinned by hard drives – will increase by more than 100%...
Enterprise AI investment expected to grow as chief executives reveal future technology priorities, responsible AI concerns, photonics infrastructure...

Enterprises unprepared for AI's power demand

Posted 1 day ago by Phil Alsop
72.4% are aware of the “significant” energy required to train or run AI models, 49.8% are concerned about the growing power requirements of AI,...
AI-generated attacks are the biggest cyber security worry for UK SMEs this year, according to Mapping the UK SME Cyber Security Landscape in 2025, a...

AI solutions to 'revolutionise' business operations

Posted 3 days ago by Phil Alsop
Innovative and intelligent AI solutions will empower teams with fast and accurate information, increasing efficiency and driving revenue growth.