Cyber defense at the speed of attackers

Potential attack surfaces within organizations are changing almost daily. Cybercriminals are prepared for this — companies typically are not. This dynamic calls for new measures.

by Florian Badertscher, published on 25 September 2025

Nearly one in three vulnerabilities is now exploited by cybercriminals on the very day it is disclosed, according to research by the U.S. security firm VulnCheck. Two years ago, the time-to-exploit was still five days, as a comparable study found. In 2022, companies even had 32 days to respond.

Within just three years, attackers have increased their speed by a factor of 30—reacting to new vulnerabilities within a single day instead of a month. Most organizations are nowhere near this pace. Depending on the industry, companies typically take between 63 and 104 days to remediate security gaps, according to a study by security provider Edgescan. Even for critical vulnerabilities classified as highly dangerous by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), it takes an average of 137 days until remediation.

Why security teams can’t keep up

The main reason most organizations lag behind cybercriminals—particularly in terms of speed—is the almost daily expansion of attack surfaces. Cloud migration, SaaS, and AI‑generated code continuously open new entry points. “Vibe coding” expands them even further: large amounts of context‑free code and assembled snippets without architecture or reviews. The result: the attack surface grows in real time.

Traditional security tests fail to capture this dynamic. At the same time, the number of tools in use typically explodes. Different scanners, penetration tests, and crowdsourcing platforms generate fragmented results without learning from each other. As a consequence, teams drown in alerts while losing sight of the truly critical threats.

On top of this, most companies lack the resources for an adequate response—both in terms of personnel and budget. These are usually only allocated after an attack has already occurred, rather than as a preventive measure.

Clear diagnosis, first solution approaches

While there is broad consensus in the cybersecurity industry about the root causes of the problem, several solution paths are emerging. It is becoming clear that future approaches will require the following capabilities: continuous activity, rapid adaptation to changing attack surfaces and threats, and a high degree of autonomy.

Implementing such concepts, however, is complex. Many organizations already struggle to integrate their existing security tools. Continuous monitoring also generates even more data and alerts, further exacerbating information overload. And even the best technology is of limited value without qualified professionals to interpret the results and initiate appropriate actions. The shortage of cybersecurity talent therefore remains the fundamental challenge.

The shift has begun

Despite all these hurdles, a paradigm shift is underway. More and more organizations are recognizing that static, point‑in‑time security testing can no longer keep up with today’s threat landscape. According to a study by U.S. security provider Cycognito, 65% of companies plan to implement continuous, automated, or even autonomous testing approaches. At the same time, the global security testing market is growing rapidly: according to market research firm IMARC, it is expected to expand from USD 13 billion in 2024 to USD 58.3 billion by 2033.

Regulation will further accelerate this shift. With NIS2—the strengthened EU cybersecurity directive—and the Cyber Resilience Act governing product security in the EU, compliance pressure is increasing. Swiss companies will also be required to demonstrate that their security measures are effective across their entire environment, aligned with the current threat landscape, and continuously active.

Ultimately, success will depend on whether the industry can find pragmatic implementation paths that are accessible even to organizations without large, dedicated cybersecurity teams. Because today’s threats do not affect only large enterprises—they affect everyone.

About Florian Badertscher

Florian Badertscher, Co‑Founder & COO of Bug Bounty Switzerland, is among Switzerland’s leading cybersecurity experts, with over 20 years of professional experience. In 2015, he initiated the first nationwide bug bounty program for the entire Swisscom Group, which he led until 2021. The program also covered systems in highly regulated industries such as telecommunications and finance.

Badertscher is deeply embedded in the security community and a sought‑after speaker at industry events. He is a member of the Swiss Federal Council’s expert advisory board on digital identity. Following earlier roles at Compass Security and Swisscom, he brings extensive expertise in cyber defense, incident response, and penetration testing. He holds an Executive MBA in Innovation Management, a Bachelor’s degree in IT Security, and is a certified OSSTMM Security Tester.

This article was originally published on inside‑IT as part of the media partnership between inside‑IT and the Digital Business Transformation Forum.
https://www.inside-it.ch/cyber-verteidigung-im-tempo-der-angreifer-20250924
