A new report finds that despite knowing the risks, security teams are struggling to keep pace with attackers.
Organizations have more visibility into cloud security risks today than ever before. Security tools continuously discover vulnerabilities and misconfigurations and generate detailed threat intelligence. Yet despite this unprecedented awareness, most cloud security incidents still stem from known risks.
The Zest Cloud Risk Exposure Impact Report 2025 delivers a striking revelation: 62% of incidents stem from vulnerabilities that security teams had already identified but failed to remediate. The main issue is not detection – it is execution. Security professionals recognize the threats, but they are struggling to close the loop before attackers strike.
“In my experience with incident response teams, I found that in almost every case, the vulnerability exposure or misconfiguration used for initial access was something that the security team already knew about,” More Levy, Vice President of Salesforce, explained. “For some reason, though, it had not been fixed – it may have been deprioritized because it required a lot of effort to remediate, there was no patch available, or the system was too old to upgrade.”
Snir Ben Shimol, CEO and co-founder of Zest Security, explains the root of this paradox. “The security staple today is great tools for identifying security risks, misconfigurations, and vulnerabilities. However, there is a gap within organizations around remediation techniques. Remediation and mitigation – what we call ‘resolution’ – is still a 90% manual process.”
As security teams get bogged down by complex workflows that require coordination among engineering, DevOps, and security teams, threats sit in backlogs, waiting to be exploited.
The 10x remediation gap: how attackers move faster than defenders
The most disturbing finding in the Zest report is the widening gap between the speed of remediation and the speed of exploitation. While security teams often take weeks or even months to remediate critical vulnerabilities, attackers now exploit them within five days on average, according to the latest Mandiant intelligence research. This mismatch allows adversaries to strike long before defenders can act.
The backlog of unresolved issues keeps growing, with more than 100 critical risk tickets open at any given time at most organizations. Meanwhile, cybercriminals have adopted artificial intelligence to automate their attacks, increasing their speed and sophistication.
“While threat actors benefit from artificial intelligence to increase their capabilities and speed, organizations are still behind – they only scale on people and processes, without artificial intelligence technology,” says Ben Shimol. “It takes security teams weeks, if not months, to determine the root cause of an issue. The ‘where’ to remediate is the largest technical barrier today.”
The problem is compounded by the fact that more than 50% of critical security issues cannot be fully remediated, forcing security teams to explore alternative mitigation strategies.
The growing cost of delayed action
Beyond the immediate security impact, slow remediation carries heavy financial losses. Security teams reported spending more than two million dollars annually on remediation efforts, not including the additional costs associated with breaches, regulatory fines, and reputational damage. The backlog of security tickets is not only an operational inefficiency; it translates directly into increased exposure, increased risk, and significant financial pressure.
The disconnect between detecting a risk and resolving it is now a defining challenge for security teams. While security professionals work tirelessly to manage vulnerabilities, the lack of scalable, AI-driven remediation solutions means that many threats remain unresolved for months. In an industry that often preaches the importance of “shifting left”, the reality is that organizations are struggling to move forward at all.
Breaking the cycle: a shift in strategy
Recognizing the urgent need for faster remediation, organizations are shifting from visibility-based security models to remediation-focused ones. The conversation is no longer about identifying threats, but about eliminating them with speed and efficiency.
Three major shifts are shaping the future of remediation:
Effort-based prioritization: Security teams are moving beyond traditional risk-scoring models and instead prioritizing vulnerabilities where a single remediation action can eliminate multiple risks. Organizations that adopt this approach report faster backlog reduction and greater security gains.
Automation for speed and efficiency: The manual effort required to investigate, assign, and resolve security tickets is unsustainable. As a result, teams are investing in automation to accelerate triage, root cause analysis, and ticket ownership assignment, reduce noise, and ensure that high-impact fixes are implemented first.
Mitigating controls as a safety net: Not all risks can be fully remediated, but they can still be contained. 84% of the security teams in the Zest survey actively deploy mitigation strategies, such as web application firewalls, identity restrictions, and network segmentation, to reduce exposure while working on long-term fixes.
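To make effort-based prioritization concrete, the sketch below groups open tickets by the single fix that would close them and ranks fixes by risk removed per hour of effort, while routing tickets that have no fix to mitigating controls. It is an added example, not taken from the Zest report; the ticket IDs, severity weights, fix descriptions and effort estimates are all constructed assumptions.

```python
from collections import defaultdict

# Assumed severity weights (hypothetical scoring, not from the report).
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}

# Constructed backlog: (ticket, severity, root-cause fix or None if no fix exists).
FINDINGS = [
    ("T-101", "critical", "bump base image for service 'api'"),
    ("T-102", "high",     "bump base image for service 'api'"),
    ("T-103", "high",     "bump base image for service 'api'"),
    ("T-104", "critical", "tighten bucket policy in IaC module 'storage'"),
    ("T-105", "medium",   "tighten bucket policy in IaC module 'storage'"),
    ("T-106", "critical", None),  # legacy system, no patch available
    ("T-107", "low",      "rotate stale access key"),
]

# Assumed effort per fix, in engineer-hours (constructed values).
EFFORT_HOURS = {
    "bump base image for service 'api'": 4,
    "tighten bucket policy in IaC module 'storage'": 2,
    "rotate stale access key": 1,
}

def plan(findings, effort_hours):
    """Return (fixes ranked by risk removed per hour, tickets needing mitigation)."""
    groups, mitigate = defaultdict(list), []
    for ticket, severity, fix in findings:
        if fix is None:
            mitigate.append(ticket)      # cannot be remediated: contain it instead
        else:
            groups[fix].append((ticket, severity))
    ranked = []
    for fix, items in groups.items():
        risk = sum(SEVERITY_WEIGHT[sev] for _, sev in items)
        ranked.append({
            "fix": fix,
            "tickets": [t for t, _ in items],
            "risk_removed": risk,
            "score": risk / effort_hours[fix],  # risk eliminated per hour of work
        })
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked, mitigate

if __name__ == "__main__":
    ranked, mitigate = plan(FINDINGS, EFFORT_HOURS)
    for r in ranked:
        print(f"{r['score']:.1f}  {r['fix']}  closes {r['tickets']}")
    print("needs mitigating control:", mitigate)
```

Ranking by tickets closed per fix rather than by individual severity is what lets one change, such as a base image bump, clear several tickets at once.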
The future of remediation: compliance and regulation will force change
The speed of modern cyber threats has begun to push regulators toward stricter compliance measures. As attackers exploit vulnerabilities within days, government and industry regulators are tightening their expectations for fixing known security risks.
“We already see regulatory bodies such as the SEC demanding more comprehensive and nearly impossible timelines for remediation,” not observed. “Regulators have realized that visibility alone does not guarantee security. Organizations are now required to build risk resolution plans – just as they were once required to develop incident response plans in response to ransomware threats.”
This shift means that security teams can no longer treat remediation as a best-effort initiative. Faster resolution times will become a compliance mandate, and failure to act could lead to penalties as severe as those imposed for data breaches themselves.
The race against known risks
Zest's Cloud Risk Exposure Impact Report 2025 serves as a wake-up call for the security industry. The problem is not a lack of awareness but an urgent need for remediation at scale. Organizations must move beyond detecting risks and embrace AI-driven remediation, automation, and strategic prioritization to finally break the cycle of known but unresolved threats.
The cybersecurity landscape is changing quickly, and the industry is at a turning point. Attackers are getting faster. Regulators are demanding more. The future of security will belong to those who act as fast as they detect. The question is, will organizations adapt in time to keep up?