Skip to main content
HomeTopicsAttack Surface

Attack Surface

Cybersecurity statistics about attack surface

Showing 1-20 of 25 results

More than 1 in 7 organizations expose API documentation to the internet.

Intruder5/27/2026
API SecurityInternet-facing

40% of organizations rank integrating generative and agentic AI into the business among their top three cybersecurity priorities.

SpecterOps5/27/2026
AI RiskIdentity Security

Organizations test only 32% of their global attack surface on average.

Synack & Omdia5/27/2026
Penetration TestingEnterprise

68% of the enterprise environment remains untested, creating significant blind spots.

Synack & Omdia5/27/2026
Penetration TestingEnterprise

51.1% of organizations report dormant access exploitation

Lumos5/27/2026
Dormant Access

39.1% of organizations report Service Account abuse

Lumos5/27/2026
Service Accounts

87% of intrusions involve activity across multiple attack surfaces.

Palo Alto Unit 422/22/2026

The attack surface has expanded by 41% in the past 12 months, indicating a significant increase in potential vulnerabilities.

Red Canary10/23/2025
Security OperationsAttack surface

Rapidly expanding attack surfaces are cited by 38% of cybersecurity and cyber risk leaders as a reason for increased difficulty in managing cyber risk today vs five years ago.

Bitsight7/29/2025
Cyber riskRisk management

46% of respondents used savings from optimization, automation, and outsourcing to increase coverage of the attack surface.

EY5/28/2025

Six in 10 respondents point to increased visibility across attack surfaces due to automation efforts.

EY5/28/2025
AutomationVisibility

39% believe that if you don’t manage asset-related risks properly, it will weaken your standing in the marketplace, making it harder to win new business or keep up with rivals.

Trend Micro4/29/2025
Asset managementAttack surface

75% of cybersecurity incidents occur due to unmanaged assets.

Trend Micro4/29/2025
Asset managementAttack surface

55% of organizations surveyed said they have no processes in place to continuously manage attack surface risk.

Trend Micro4/29/2025
Asset managementAttack surface

Just 43% of global organizations use dedicated tools to proactively manage risk across their attack surface.

Trend Micro4/29/2025
Asset managementSecurity tools

On average, only 27% of responding organizations' budgets are dedicated to managing attack surface risk.

Trend Micro4/29/2025
Asset managementBudget

77% of companies claimed that their current resources are adequate for addressing attack surface challenges

Trend Micro4/29/2025
Asset managementAttack surface

91% of respondents acknowledged that attack surface management is either directly or somewhat connected to their organization's business risk.

Trend Micro4/29/2025
Asset managementAttack surface

73% of cybersecurity leaders surveyed have experienced security incidents due to unknown or unmanaged assets.

Trend Micro4/29/2025
Asset managementAttack surface

42% of respondents said that if you don’t manage asset-related risks properly, you’re likely to experience disruptions to day-to-day operations—e.g., outages, downtime, or process failures.

Trend Micro4/29/2025
Asset managementAttack surface