Survey reveals proactive investment in vulnerability assessment

Only 10% of respondents implemented their vulnerability assessment solution due to a previous or upcoming audit.

Netwrix asked 720 IT professionals all over the world how they assess vulnerabilities in their IT infrastructure. The survey found that 70% of organisations have a vulnerability assessment tool, either deployed internally or provided as a third-party service. Most of those respondents (70%) said the primary reason for purchasing the tool was the need for proactive security measures; 76% of those who do not yet own a vulnerability assessment tool and plan to acquire one in the near future chose the same key driver – to be secure proactively.

“The survey shows that continuous scanning for known vulnerabilities is a popular approach for proactively securing an IT environment,” says Joe Dibley, Security Researcher at Netwrix. “Technology teams implement these tools to proactively identify, prioritise and manage risks to the business. Only 8% of respondents who do not own a solution say they do not require one. This shows that vulnerability management is widely considered a must have.”

In the past several years, companies have become more security focused, with widely covered incidents like Colonial Pipeline and Solar Winds making the consequences of breaches more evident to everyone, not just the IT department. As a result, CISOs and CIOs have been able to secure approval for increases in their cybersecurity budgets. In the recent 2022 cyber security sectoral analysis report, new spending in cybersecurity reached £10.1 billion in 2021 which set a record year for cybersecurity spending in the UK.

While budget is top of mind for 58% of respondents, more than half (52%) said they would consider changing to a new solution if it would reduce the volume of false positive alerts. Some respondents even left comments like, “will not sacrifice performance and accuracy for money”.

“Every false positive finding takes time away from a security focused team member. Many technology teams are already overloaded far beyond 100%, so lots of false positive notifications can lead to alert fatigue and burnout,” commented Joe Dibley. “In addition, 38% of respondents said they would consider changing tools to gain greater breadth of infrastructure coverage, which shows that organisations are gaining a greater understanding that they need to protect not only their servers but also their switches, storage, and other infrastructure-related items.”


Commvault plans to acquire Satori Cyber Ltd to bolster its data security and AI governance...
Clumio Backtrack offers rapid, precise data recovery for DynamoDB, enhancing resilience for...
runZero teams up with Aqaio to enhance its exposure management platform in Germany, aiming to...
Cynomi's 2025 State of the vCISO Report reveals AI's profound impact on service delivery and the...
By Artur Martins, CISO | Cybersecurity Strategy Executive Advisor, Logicalis.
Alcatel-Lucent Enterprise introduces OmniVista Terra, offering combined on-premises and cloud...
NinjaOne unveils its automated endpoint management platform on Google Cloud Marketplace, enhancing...
Acronis partners with Metrofile Cloud to enhance disaster recovery, offering advanced solutions...