Attack Surface
Cybersecurity statistics about attack surface
Related Topics
Showing 1-20 of 25 results
More than 1 in 7 organizations expose API documentation to the internet.
40% of organizations rank integrating generative and agentic AI into the business among their top three cybersecurity priorities.
Organizations test only 32% of their global attack surface on average.
68% of the enterprise environment remains untested, creating significant blind spots.
51.1% of organizations report dormant access exploitation
39.1% of organizations report Service Account abuse
87% of intrusions involve activity across multiple attack surfaces.
The attack surface has expanded by 41% in the past 12 months, indicating a significant increase in potential vulnerabilities.
Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.
46% of respondents used savings from optimization, automation, and outsourcing to increase coverage of the attack surface.
Six in 10 respondents point to increased visibility across attack surfaces due to automation efforts.
39% believe that if you don’t manage asset-related risks properly, it will weaken your standing in the marketplace, making it harder to win new business or keep up with rivals.
75% of cybersecurity incidents occur due to unmanaged assets.
55% of organizations surveyed said they have no processes in place to continuously manage attack surface risk.
Just 43% of global organizations use dedicated tools to proactively manage risk across their attack surface.
On average, only 27% of responding organizations' budgets are dedicated to managing attack surface risk.
77% of companies claimed that their current resources are adequate for addressing attack surface challenges
91% of respondents acknowledged that attack surface management is either directly or somewhat connected to their organization's business risk.
73% of cybersecurity leaders surveyed have experienced security incidents due to unknown or unmanaged assets.
42% of respondents said that if you don’t manage asset-related risks properly, you’re likely to experience disruptions to day-to-day operations—e.g., outages, downtime, or process failures.