Known Vulnerabilities are the Leading Cause of Exposure to Data Breaches and Cyber Threats

BMC, the global leader in software solutions for IT, in association with Forbes Insights today released results from a security survey of more than 300 C-level executives across Europe and North America, revealing that known vulnerabilities are the leading cause of exposure to data breaches and cyber threats. The report also confirms a significant gap between the security and IT operations (SecOps) teams, which is contributing to unnecessary data loss, production downtime, and potential reputation damage.

The survey revealed that 44 percent of security breaches occur even when vulnerabilities and their remediations have previously been identified. Put simply, it takes far too long to fix a vulnerability once a patch becomes available. When asked why, 33 percent of executives surveyed stated it was challenging to prioritise which systems to fix first, since the security and operations teams may have different priorities.

While the joint efforts of security and IT operations ultimately determine an enterprise’s security strength, the individual goals of these two groups are often out of sync. The biggest areas of risk for an enterprise are outdated and poorly synchronised internal procedures that thwart efforts to quickly defend against known threats.

When asked about the challenges faced by IT and security, 60 percent of executives surveyed said the IT operations and security teams have only a general or a little understanding of each other’s requirements. Yet, 50 percent don’t have a plan in place for improving the coordination between these two groups.

“Today, it often takes companies months to remediate known vulnerabilities – exposing them to potential breaches for six months or more as they work to resolve known threats,” said Jason Andrew, GM and VP of Sales, BMC EMEA. “To discover, prioritise and fix vulnerabilities quickly calls for improved coordination between the security and IT operations teams. Narrowing the SecOps gap is critical to protecting an organisation’s brand and also ensures customer confidence in the ability for the business to protect its information.”

As companies prepare for 2016, CIOs need a plan to address the SecOps gap. European businesses are lagging behind their North American counterparts in this regard, with only 37 percent of those surveyed (compared to 60 percent in North America) planning to purchase or implement SecOps solutions in the next twelve months.

C-level executives across EMEA should therefore consider a number of actions outlined in the report, including:

  • Create cross-functional working groups to share security, compliance and operational concerns while implementing regular meetings to build loyalty and trust.
  • Develop collaborative workflow processes that smooth interactions of security, IT operations and compliance personnel.
  • Replace error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralised information management tools.


“It is time to rethink the traditional, departmentalised, siloed approach to security given the increasingly sophisticated threats,” said Roy Illsey, principal analyst, infrastructure solutions at Ovum. “Both security and IT operations groups must be held accountable for identifying and fixing issues quickly and integrate security and IT operations activities to further protect their organisations.”
