SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Critical vulnerability exposures double, Check Point finds

Critical vulnerability exposures double, Check Point finds

Fri, 3rd Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Check Point has published research on cyber exposure trends across four industries, finding that critical vulnerability exposures more than doubled over the past year.

Vulnerabilities accounted for 42.6% of all critical exposures, up from 18.7% a year earlier, making them the largest single category in the analysis. Yet only 7.8% of vulnerability alerts warranted critical or high attention after exploitability validation, suggesting most alerts did not require the same immediate response.

The findings highlight a widening gap between the number of issues security teams can see and the smaller subset that requires urgent action. Vulnerabilities and internal information disclosure together accounted for 76% of all critical exposures.

Phishing websites also became a larger part of the threat picture. They accounted for 10.5% of critical exposures, up from 1.0% a year earlier, making phishing one of the fastest-growing exposure types in the report.

At the same time, the data showed that organisations could act on recommended fixes in most cases when response processes were in place. Across the industries examined, 85.9% of recommended fixes were implemented.

Sector split

The report drew on customer environments in utilities, government, healthcare and financial services, and found clear differences between sectors. In utilities, vulnerabilities made up 78.2% of critical exposures, compared with 56.4% in government.

Healthcare and financial services showed a different pattern. Internal information disclosure was the leading category in healthcare, accounting for 63.6% of critical exposures. In financial services, it accounted for 42.7%.

Those differences shape what security teams need to address first. A business facing a concentration of software weaknesses has a different remediation burden from one dealing mainly with exposed information assets.

Response times

Some organisations resolved critical exposures within one hour. Utilities led on that measure, with 30% of organisations in the sector closing critical exposures within that timeframe.

The fastest sector in the study recorded a median remediation time of 12.6 hours. By contrast, healthcare had the slowest median remediation time at 158.8 hours, despite a strong rate of fix implementation.

The report linked healthcare's slower response to the operational realities of legacy systems, clinical uptime requirements and strict change control. Those constraints can make it harder to remove exposures quickly, even when teams know what needs to be fixed.

The wider theme in the research is that volume alone is no longer the defining problem for security teams. The challenge is deciding which issues are genuinely exploitable as attack tools, and automated methods increase the speed at which threat actors can probe systems, credentials, phishing infrastructure and known weaknesses.

Yochai Corem, Vice President and General Manager of Exposure Management at Check Point, said organisations need to identify urgent risks more accurately. "The volume of alerts is no longer the problem, the signal is. When critical vulnerabilities double but fewer than one in twelve turn out to be urgent, the organisations that win are the ones that can find the genuinely exploitable risks fast and act on them before attackers do," Corem said.

He also pointed to the strain on manual security processes as attackers test more targets more quickly. "Attackers are now testing more exposures, across more organisations, at greater speed than security professionals can manually keep pace with. The organisations that stay ahead are the ones that can quickly separate the small set of genuinely exploitable risks from the noise, then remediate them safely without disrupting operations. That is what exposure management delivers, and it is fast becoming a core measure of operational readiness," Corem said.

The data suggests the key issue for many organisations is not simply detecting more exposures, but narrowing down which ones present immediate danger. In Check Point's sample, the proportion of vulnerabilities classified as urgent was small even as the total number of critical vulnerability exposures rose sharply.

That leaves security teams balancing speed with precision, particularly in sectors where operational constraints can slow fixes. The report's central finding is that a relatively small number of exposure types account for most critical risk, with vulnerabilities and internal information disclosure together making up 76% of all critical exposures.