The Average Vulnerability Remediation Time For Organizations? 2 Months

A report from cybersecurity company Edgescan notes that it takes businesses nearly two months, or a mean time to remediate (MTTR) of 60 days, to fix critical risk vulnerabilities.

The company’s findings go over known and currently exploited vulnerabilities, as well as industry trends involving vulnerability management. Remote access attacks accounted for roughly 5% of attack exposures over the course of 2021.

Over half of observed vulnerabilities were more than 2 years old, with more than 15% being over 5 years old. What’s most surprising is that there were unpatched vulnerabilities from more than 20 years ago, starting from 1999, which accounted for 1.5% of the total.

The quickest MTTR times, and slowest, can be attributed to two different industries. The healthcare industry, despite being hit extremely hard by cybercriminals within the past two years, had a MTTR of 44 days. On the other end of the spectrum, the public administration had a remediation time averaging out at 92 days, which is over a month longer than the overall average.

Edgescan’s goal with their reports are to create visibility so that organizations can be aware of, and stay on top of patching, maintenance and detection. By viewing common exposures amongst industries, businesses can stay on top of trends and figure out where they may need to allocate resources into their IT infrastructure management.


Sign up to our mailing list to receive more IT related educational information:

0 comments on “The Average Vulnerability Remediation Time For Organizations? 2 Months

Leave a Reply

Your email address will not be published. Required fields are marked *