False Positives
Cybersecurity statistics about false positives
Related Topics
Showing 1-16 of 16 results
30% of security and IT leaders report AI-generated alerts produce false positives that negatively impact investigation timelines.
26% of security professionals say chasing false positives and low-priority alerts wastes the most time in their security team.
71% of organizations report increased web application firewall (WAF) false positives
Every model produced at least one false-positive run by hallucinating vulnerable paths in the OpenNDS real-world task
False alerts are a leading stressor for security teams (94%).
72% of SAST/DAST users are challenged by an overwhelming number of false positives.
The average enterprise spends over 400 hours per year managing false positive alerts from data loss prevention (DLP) or email security tools.
11% of security teams say application security false positives happen constantly.
45% of respondents report consistent false positives from their cloud security tools.
56% of decision-makers at financial institutions named false positives as the leading pain point in fraud operations.
False positives are the #1 blocker to Shift Left, cited by 35% of respondents.
55% of respondents report having to address too many false positives.
Managing the sheer volume of vulnerabilities and false positives were the biggest challenges in securing code, cited by 78% of respondents.
Despite 98% of organisations using vulnerability scanning, only 34% find it highly effective due to false positives.
The top five vulnerability management problems they’re actively trying to solve with AI today were: false positives (49%), overload of data (39%), reliance on manual processes (33%), disparate results from scanning tools (31%), and false negatives (31%)
False positive and negative rates are the No. 1 way that organizations reported that they evaluate the efficacy of AI in security, named by 66% of respondents