Exploited vulnerabilities: the leading cause of breaches
Exploited vulnerabilities have become the top entry point for data breaches, according to Verizon’s 2026 Data Breach Investigations Report. This shift highlights the growing importance of patch management and vulnerability remediation for organisations of all sizes. Exploited vulnerabilities accounted for 31 percent of initial breach access, surpassing other attack vectors such as phishing and credential theft.
Surge in vulnerability exploitation
The report analysed more than 22,000 breaches over a one-year period ending in October 2025. Compared to the previous year, the percentage of breaches caused by exploited vulnerabilities rose sharply from 20 percent to 31 percent. This increase reflects the ongoing challenge organisations face in keeping up with the sheer volume of vulnerabilities across their digital infrastructure.
Patch management struggles
Many organisations are struggling to patch vulnerabilities quickly enough. The median time to fully patch a vulnerability has increased from 32 days to 43 days. Furthermore, the number of known exploited vulnerabilities (KEVs) requiring remediation jumped from 11 to 16 per organisation on average. Only 26 percent of critical vulnerabilities in the Cybersecurity and Infrastructure Security Agency’s (CISA) catalog were fully remediated, down from 38 percent the year before.
- Median patch time increased to 43 days
- KEV volumes rose significantly
- Remediation rates for critical vulnerabilities declined
Why exploited vulnerabilities matter for organisations
Exploited vulnerabilities pose a significant risk because attackers can gain initial access without interacting with users. This means even robust security awareness programmes may not prevent such breaches. The CISA KEV catalog contained more than 1,500 CVEs (Common Vulnerabilities and Exposures) as of February, and 65 percent of those were exploited in the previous year.
Common vulnerability types
The five most frequent weaknesses in the CISA KEV catalog are:
- Out-of-bounds read
- Heap-based buffer overflow
- Use after free
- External control of file name or path
- Access of resource using incompatible type
These technical flaws are often found in widely used software and hardware, making remediation essential to prevent broad exploitation. Attackers, mostly motivated by financial gain, are increasingly leveraging these vulnerabilities as an easy route into organisational networks.
Ransomware’s continuing impact
Ransomware remains one of the most disruptive threats. Last year, ransomware accounted for 48 percent of all breaches, an increase from 44 percent in 2024. While the proportion of victims paying ransom declined, the prevalence of ransomware attacks continues to grow. Attackers often exploit unpatched vulnerabilities to deploy ransomware, further emphasising the importance of rapid patching and vulnerability management.
How organisations should respond to the vulnerability threat
Given the rise of exploited vulnerabilities, organisations must prioritise patch management and vulnerability remediation. The following steps can help reduce risk:
- Shorten patch cycles: Aim to patch critical vulnerabilities within days, not weeks.
- Prioritise known exploited vulnerabilities (KEVs): Focus on the vulnerabilities listed in CISA’s KEV catalog.
- Reduce external attack surface: Limit unnecessary exposed assets and services.
- Implement vulnerability scanning: Regularly scan systems to identify unpatched vulnerabilities.
- Maintain asset inventory: Know what hardware and software you operate to streamline remediation.
SMB-specific recommendations
Small and medium-sized businesses (SMBs) often lack dedicated security teams, making them more vulnerable to unpatched flaws. SMBs should:
- Use automated patch management tools
- Leverage managed security services if internal resources are limited
- Educate staff about the importance of timely software updates
- Monitor vendor advisories for relevant security updates
Adapting to evolving vulnerability trends
The increasing volume of vulnerabilities and declining remediation rates indicate that organisations must adapt their strategies. Rather than attempting to patch every flaw, focus on those with active exploitation and critical impact. Use threat intelligence feeds and vulnerability prioritisation frameworks to allocate resources efficiently. Collaboration with industry peers and government agencies can also improve vulnerability management efforts.
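As an added illustration of that prioritisation (not code from the report or from the original article), the sketch below joins scanner findings against KEV entries and ranks the overlap. The field names cveID, dueDate and knownRansomwareCampaignUse follow CISA's published KEV JSON feed; the CVE IDs, assets, dates and the ordering policy are constructed assumptions.

```python
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed; CVE IDs are placeholders.
KEV_FEED = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dueDate": "2025-09-22",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "dueDate": "2025-10-20",
     "knownRansomwareCampaignUse": "Unknown"},
]}

# Constructed scanner findings already joined to the asset inventory.
FINDINGS = [
    {"asset": "vpn-gw-01", "cve": "CVE-0000-0001", "internet_facing": True, "first_seen": "2025-09-03"},
    {"asset": "file-srv-02", "cve": "CVE-0000-0002", "internet_facing": False, "first_seen": "2025-10-01"},
    {"asset": "web-03", "cve": "CVE-0000-0002", "internet_facing": True, "first_seen": "2025-10-05"},
    {"asset": "hr-laptop-17", "cve": "CVE-0000-0003", "internet_facing": False, "first_seen": "2025-10-02"},
    {"asset": "db-04", "cve": "CVE-0000-0001", "internet_facing": False, "first_seen": "2025-08-20"},
]

def prioritise(findings, kev_feed, today):
    """Split findings into a ranked KEV queue and a routine-cycle list."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    queue, routine = [], []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry is None:
            routine.append(f)  # no known exploitation: normal patch cycle
            continue
        due = date.fromisoformat(entry["dueDate"])
        queue.append({
            **f,
            "days_overdue": max(0, (today - due).days),
            "open_days": (today - date.fromisoformat(f["first_seen"])).days,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
        })
    # Assumed policy: exposed assets first, then ransomware-linked KEVs,
    # then the most overdue, then the longest-open finding.
    queue.sort(key=lambda r: (not r["internet_facing"], not r["ransomware"],
                              -r["days_overdue"], -r["open_days"]))
    return queue, routine

if __name__ == "__main__":
    ranked, routine = prioritise(FINDINGS, KEV_FEED, date(2025, 10, 15))
    for r in ranked:
        print(f'{r["asset"]:12} {r["cve"]} overdue={r["days_overdue"]}d '
              f'open={r["open_days"]}d ransomware={r["ransomware"]}')
    print("routine cycle:", [f["asset"] for f in routine])
```

The open_days value per finding is the figure to track against the median patch time quoted above.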
Continuous improvement
Vulnerability management is an ongoing process. Reviewing patching performance, learning from breach incidents and updating policies help create a more resilient security posture. As attackers continue to exploit vulnerabilities as their primary entry point, organisations must stay vigilant, proactive and responsive to new threats.
Originally reported by cyberscoop.com.






