In 2025, AI is making it easier for attackers to exploit weaknesses, while businesses are contending with expanding attack surfaces due to a multitude of factors including shadow IT, supply chain risk, and sprawling cloud infrastructure.
Faced with these challenges, how well are defenders keeping up? The data highlights progress in some areas, but also pressures in the wider threat environment that are stretching lean security teams to their limits.
Intruder’s Exposure Management Index analyzes data from 3,000 small and midsize businesses (1 to 2,000 employees) to understand how the threat environment is changing and how vulnerability response differs across company sizes, industries, and geographies.
Read on for three key trends shaping exposure management in 2025, and download the full report for more insights, expert commentary and advice for staying secure amidst an intensifying threat landscape.
High-Severity Vulnerabilities Up 20%
The average number of identified critical vulnerabilities per organization has stayed steady compared with last year, so organizations aren’t necessarily facing more “all hands on deck” crises.
But the number of high-severity issues has jumped by almost 20% year-on-year. That means security and engineering teams are contending with a greater volume of serious issues.
In most cases, however, there hasn’t been a corresponding increase in staff or budget. The knock on effect has been increased pressure on already-stretched security and engineering teams.
Generative AI has played a role in this increase by making it easier for attackers to write new exploits. Attackers are also seeing an opportunity to exploit old vulnerabilities that remain unpatched.
Andy Hornegold, VP of product at Intruder comments that “we are seeing the back catalog of CVEs and vulnerabilities being weaponized with increased frequency”.
... continue reading