Security Debt
We've curated 7 cybersecurity statistics about security debt to help you understand how accumulated vulnerabilities and outdated practices are impacting organizations' defenses against emerging threats in 2025.
Top Vendors
Showing 1-7 of 7 results
Critical security debt, defined as risky vulnerabilities older than a year, increased 20% year-over-year.
82% of organizations now harbor security debt, an 11% increase from the prior year.
60% of organizations with security debt have security debt defined as "critical," representing vulnerabilities severe enough to cause catastrophic damage if exploited.
Third-party libraries and open-source dependencies account for 66% of the most dangerous, longest-lived vulnerabilities.
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
77% of financial services organizations reported accruing some level of security debt.