Press Releases

XM Cyber’s 2024 Survey on the State of Security Posture Reveals Remediation Efforts Falling Behind Surging Exposures

Getting your Trinity Audio player ready...

In-depth survey underscores need for enhanced cybersecurity strategies and integrated approaches 

HERZLIYA, Israel – January 9, 2023 – XM Cyber, the leader in hybrid cloud exposure management, today released findings from its 2024 State of Security Posture Survey. The report, based on a survey of 300 CISOs and security decision-makers from large organizations in the US and UK, assesses how exposures are being remediated, the level of effort invested in this undertaking, and the motivations behind such efforts. 

The report provides valuable insights for organizations striving to navigate the evolving threat landscape effectively. Several key themes emerged from the responses, painting a comprehensive picture of the current state and challenges in cybersecurity.

Notable Trend 1 – Increased effort is going towards an ever-growing number of threats, leaving a gap that is currently not being closed

First is a trend towards increasing commitment to remediation efforts. 87% of organizations indicate plans to enhance vulnerability and exposure remediation efforts within the next year. This decision comes despite challenges, such as a shortage of skilled personnel and the burden on existing security teams. Additionally, 62% of IT and security teams are actively engaged in remediating exposures, handling an average of 12 per week. This indicates substantial yet insufficient effort given the thousands of Common Vulnerabilities and Exposures (CVEs) as well as the ever-growing number of exposures such as misconfigurations and credential issues that are increasingly exploited in attacks.

The survey also reveals the growing complexity and volume of cyber threats. 82% of companies report an expanding gap between the number of exposures and their ability to manage them. This widening gap reflects both the increasing volume and sophistication of cyber threats. Moreover, the struggle with outdated legacy systems, as reported by 90% of respondents, underscores the difficulty in aligning older systems with emerging threats, highlighting the need for a new approach.

Notable Trend 2 – Organizations suffer from technological and communication siloes 

Another prominent theme is the focus on cloud and integrated cybersecurity strategies. Around 45% of organizations identify the cloud as a primary area for enhancing security posture, indicating a shift towards cloud-centric security concerns. However, nearly half of the organizations surveyed manage exposures separately for on-prem and hybrid cloud environments. This suggests a growing need for integrated, holistic approaches, moving away from siloed strategies that leave gaps in defense mechanisms.

Challenges in communication and organizational alignment are also evident. Approximately 68% of companies emphasize the importance of effectively conveying security posture to leadership. The report also notes a discrepancy in processes at different organizational levels, with more senior roles reporting more formalized processes than do those on the operational frontlines, indicating a disconnect in understanding and addressing cybersecurity challenges.

Notable Trend 3 – Organizations are looking for scalable and adaptable solutions

Lastly, the survey addresses the aspect of centralized management and scalability. About half of respondents report using a single program to manage exposures, a trend more prevalent in smaller organizations. In contrast, larger companies often face challenges in implementing such centralized approaches, underlining the need for scalable, adaptable solutions catering to the diverse needs of organizations of different sizes.

The findings underscore the critical need for organizations to evolve their cybersecurity strategies. As threats become more sophisticated, the emphasis shifts from traditional threat management to a more comprehensive approach that encompasses cloud environments, identity management, and effective communication. The report highlights the urgency of adopting scalable and integrated solutions to address the complex cybersecurity landscape effectively.

“The data highlights two crucial gaps that need to bridged: the expanding gap between exposures and remediations, and the communications gap between security operators and leadership,” said Boaz Gorodissky, CTO and Co-Founder of XM Cyber. “It’s a call to action for organizations to not only invest in advanced solutions but also to foster a culture of cybersecurity awareness and collaboration.”

XM Cyber, established by leaders from the Israeli cyber intelligence community, is dedicated to transforming how organizations address cyber risks, offering insights and tools to manage threats across various environments effectively. The company specializes in demonstrating how attackers leverage misconfigurations, vulnerabilities, identity exposures, and more across various environments, including AWS, Azure, GCP, and on-prem.

Click here to to download the full report.


XM Cyber conducted a survey involving 300 full-time employees, including influential decision-makers such as CISOs, Directors, VP/Heads of Security, and other senior cyber professionals responsible for purchasing decisions. These participants were strategically sourced from 210 organizations in the US and 90 in the UK, all with 2,500 employees or more. The survey, spanning the second half of 2023, was conducted in collaboration with Global Surveyz, an independent survey company.

About XM Cyber 

XM Cyber is a leading hybrid cloud exposure management company that’s changing the way organizations approach cyber risk. XM Cyber transforms exposure management by demonstrating how attackers leverage and combine misconfigurations, vulnerabilities, identity exposures, and more, across AWS, Azure, GCP, and on-prem environments to compromise critical assets. With XM Cyber, you can see all the ways attackers might advance, and all the best ways to stop them, pinpointing where to remediate exposures with a fraction of the effort. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, Asia Pacific and Israel.



Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.