About
Subscribe
  • Home
  • /
  • Security
  • /
  • Critical exposures surge, but most don't need immediate action

Critical exposures surge, but most don't need immediate action

Chris Tredger
By Chris Tredger, Technology Portals editor, ITWeb
Johannesburg, 08 Jul 2026
Hendrik de Bruin, head of security consulting for Africa at Check Point Software Technologies.
Hendrik de Bruin, head of security consulting for Africa at Check Point Software Technologies.

Research from Check Point Software Technologies reveals a widening global exposure gap and a shorter window for defenders to act before exposure becomes impact – and Africa is seeing similar trends.

The cyber firm's ‘Under Pressure: The 2026 Exposure Gap Report’ found that globally, the proportion of critical vulnerability exposures more than doubled over the past year, yet fewer than one in 12 proved urgent enough to require immediate action.

According to the report, 42.6% of all critical exposures were vulnerabilities, more than double the 18.7% recorded a year earlier, making them the single largest category of critical exposure in 2026. However, only 7.8% of vulnerability warranted critical or high attention after exploitability validation – more than 90% did not require immediate remediation.

Additionally, 76% of all critical exposures came from just two categories – vulnerabilities and internal information disclosure – concentrating around exploitable weaknesses and exposed information assets.

Phishing websites grew to 10.5% of critical exposures, up sharply from 1% a year earlier, making it one of the fastest-growing exposure types. Companies acted on 85.9% of recommended fixes across the industries analysed, showing that exposures are being closed at scale when prioritisation and response workflows are in place.

Hendrik de Bruin, head of security consulting for Africa at Check Point Software Technologies, says automation and AI-assisted attack tools are reshaping both the scale and pace of exposure. "Threat actors can now test exposed systems, credentials, phishing infrastructure and known weaknesses across more organisations and at greater speed than manual triage can match.”

The report also shows that many companies resolved critical exposures within one hour, with utilities at 30%. The fastest sector had a median remediation time of 12.6 hours, which, according to Check Point, shows that even sensitive, high-stakes environments can close exposures quickly.

Exposure profiles varied sharply by sector. Vulnerabilities dominated in utilities and government, accounting for 78.2% and 56.4% of critical exposures respectively, while internal information disclosure led in healthcare at 63.6% and financial services at 42.7%.

Healthcare proved the most challenging environment, with the slowest median remediation time of 158.8 hours, despite a strong fix-implementation rate, reflecting the constraints of legacy systems, clinical uptime requirements and change control. These differences underline why exposure management priorities must be tailored by industry.

De Bruin says Africa shows similar trends when it comes to the exploitability of vulnerabilities. "Roughly 90% of vulnerabilities are often not exploitable, meaning they shouldn't necessarily be classified as critical or high. The primary reason is that we use similar technologies across the globe. However, just because Africa shows similar vulnerability statistics doesn't mean we see the same patterns. The report found that 76% of all critical exposures globally came from just two categories: vulnerabilities and internal information disclosure. Across Africa, we also see stolen credentials playing a massive role in enterprise risk exposure. These credentials are often obtained through malware such as infostealers and, of course, phishing.”

Regardless of the statistics, the implications are the same: risk is often concentrated, so targeted remediation of a narrow set of exposure types could eliminate a large majority of the risk backlog, he adds.

Yochai Corem, VP and GM of exposure management at Check Point Software Technologies, says attackers are testing more exposures across more organisations at greater speed than security professionals can manually keep pace with.

"The organisations that stay ahead are the ones that can quickly separate the small set of genuinely exploitable risks from the noise, then remediate them safely without disrupting operations. That is what exposure management delivers, and it is fast becoming a core measure of operational readiness.”

Share