22% of respondents cited basic organizational resistance as a pain point for automation.

Two-thirds of respondent organizations lack an automated method for reporting on SLAs.

29% of respondents indicated that lack of clean integration with existing CI/CD and ITSM tools was a concern in 2025.

36% of organizations indicated that their remediation processes are mostly automated with some manual steps.

34% of respondents believe that automated remediation integrated into a CI pipeline would speed up remediations.

50% of respondents identified the risk of breaking applications or dependencies as a pain point for automation.

28% of respondents indicated that automated ticket tracking instead of just 'fire and forget' would help them remediate significantly faster.

Fewer than 1 in 5 organizations use structured prioritization models.

Nearly 40% of organizations still rely on manual workflows for most of their vulnerability remediation processes.

1 in 5 organizations take four or more days to fix critical vulnerabilities.

85% of organizations believe their cross-team collaboration is strong.

49% measure success of vulnerability remediation by mean time to remediation.

91% of organizations experience delays in vulnerability remediation.

61% of organizations still measure success of vulnerability remediation by the number of vulnerabilities resolved.

54% measure success of vulnerability remediation by fewer breaches.

91% of organizations experience delays in vulnerability remediation.

Larger organisations take over a month longer (61 days) than smaller ones (27 days) to resolve serious findings in pentests.

69% of the highest-risk (serious) vulnerabilities are resolved.

Median time to resolve issues of all criticalities stretches to 67 days.

Financial companies have a lower rate of serious findings (11%) in pentests.