A new report from crowdsourced security firm Intigriti highlights the need for strong cybersecurity practices and vulnerability management service level agreements (SLAs).

Globally, 75 percent of companies fail to respond to critical vulnerabilities within 24 hours, potentially resulting in customer dissatisfaction, loss of revenue, and reputational damage.

In the UK, 29 percent respond within 24 hours, compared to 20 percent in the US. More respondents in the UK (82 percent) also want to fix a critical to exceptional vulnerability within 15 days, compared to the US (69 percent). The UK is also quicker to disclose, with 73 percent disclosing a vulnerability within 15 days, compared to 66 percent in the US.

The report also found that 52 percent of companies skip consulting with their executives when they find critical vulnerabilities, and only 44 percent involve legal and risk management teams. Thirty-six percent fail to consult with IT infrastructure teams, missing out on the expertise of network engineers, systems administrators and application developers. These professionals can help speed up the mitigation process because they may have written the code that created the vulnerability.

Furthermore, 43 percent of organizations fail to regularly conduct cost-benefit analyses to weigh the cost of remediating vulnerabilities against the cost of a data breach. The US outperforms the UK in this area, with 65 percent of organizations conducting regular analyses, compared to 47 percent in the UK.

There are also significant reporting gaps, with 66 percent of US respondents automating tracking and reporting on compliance with disclosure SLAs for contracted suppliers, compared to just 32 percent in the UK. Nearly half (49 percent) of UK respondents rely on manual reporting.

Stijn Jans, CEO and Founder of Intigriti, said: “At Intigriti, we understand the immense pressure on cybersecurity leaders to defend against a rapidly changing threat landscape with limited resources. Yet failing to plan is planning to fail, which is why SLAs are so critical to protecting against cyberthreats. Our report provides clear and actionable standards for performance and accountability, giving businesses a competitive edge in the process. By equipping security teams with tools and knowledge, we can turn vulnerabilities into victories. Together, we can ensure a safer digital future for everyone — but there’s no time to waste.”

The full report can be found on the Intigriti website.
