Irvine, CA, April 7, 2022

Netwrix Survey: 70% of Companies Invest in Vulnerability Assessment Primarily to Be Proactive Rather than to Ensure Compliance

Only 10% of respondents implemented their vulnerability assessment solution due to a previous or upcoming audit

Netwrix, a cybersecurity vendor that makes data security easy, asked 720 IT pros all over the world how they assess vulnerabilities in their IT infrastructure. The survey found that 70% of organizations have a vulnerability assessment tool, either deployed internally or provided as a third-party service. Most of those respondents (70%) said the primary reason for purchasing the tool was the need for proactive security measures; 76% of those who do not yet own a vulnerability assessment tool and plan to acquire one in the near future chose the same key driver – to be secure proactively.

The survey shows that continuous scanning for known vulnerabilities is a popular approach for proactively securing an IT environment. Technology teams implement these tools to proactively identify, prioritize and manage risks to the business. Only 8% of respondents who don’t own a solution say they do not require one. This shows that vulnerability management is widely considered a must-have.
Joe Dibley, Security Researcher at Netwrix

In the past several years, companies have become more security-focused, with widely-covered incidents like Colonial Pipeline and Solar Winds making the consequences of breaches more evident to everyone, not just the IT department. As a result, CISOs and CIOs have been able to secure approval for increases in their cybersecurity budgets. In the Gartner® 2021 CIO Agenda Survey, cybersecurity was the top priority for new spending, with 61% of the more than 2,000 CIOs surveyed increasing investment in cyber/information security this year.[1]

Which of the following was the main reason your organization acquired a vulnerability assessment solution?

diagram1

Which of the following is the main reason for your organization to consider purchasing a vulnerability assessment solution?

diagram2

While budget is top of mind for 58% of respondents, more than half (52%) said they would consider changing to a new solution if it would reduce the volume of false positive alerts. Some respondents even left comments like, “will not sacrifice performance and accuracy for $$”.

Every false positive finding takes time away from a security-focused team member. Many technology teams are already overloaded far beyond 100%, so lots of false positive notifications can lead to alert fatigue and burnout. In addition, 38% of respondents said they would consider changing tools to gain greater breadth of infrastructure coverage, which shows that organizations are gaining a greater understanding that they need to protect not only their servers but also their switches, storage and other infrastructure-related items.
Joe Dibley, Security Researcher at Netwrix

What would encourage your organization to change its current vulnerability assessment solution?

diagram3

[1]Source: Gartner Press Release, “Gartner Forecasts Worldwide Security and Risk Management Spending to Exceed $150 Billion in 2021”, May 17, 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

about netwrix corporation

Netwrix champions cybersecurity to ensure a brighter digital future for any organization. Netwrix's innovative solutions safeguard data, identities, and infrastructure reducing both the risk and impact of a breach for more than 13,500 organizations across 100+ countries. Netwrix empowers security professionals to face digital threats with confidence by enabling them to identify and protect sensitive data as well as to detect, respond to, and recover from attacks.

For more information, visit www.netwrix.com.

contact us

Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.

Media contact

Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170

Follow us