END point cybersecurity software fails to protect one in five enterprise devices, according to Absolute Security, leaving organisations exposed to cyber threats. The 2026 Resilience Risk Index, published on 23 March, analysed device‑level telemetry across tens of millions of enterprise endpoints and found a protection gap equating to about 76 days a year of increased access for cybercriminals.
The report attributes the issue to growing complexity and slow patch management, noting that 24% of endpoint vulnerability management platforms operate outside of compliance, up from 20% the previous year.
It also found that critical Windows updates were delayed by an average of 127 days, leaving devices susceptible to downtime caused by zero‑day vulnerabilities and other attacks, while nearly 10% of enterprise endpoints remain permanently unpatched, a situation worsened by Windows 10 being out of support since October 2025.
Christy Wyatt, president and CEO of Absolute Security, warned that downtime is optional even as attacks are inevitable, emphasising the need to enforce change across millions of endpoints to reduce exposure.