22% of respondents cited basic organizational resistance as a pain point for automation.

Two-thirds of respondent organizations lack an automated method for reporting on SLAs.

29% of respondents indicated that lack of clean integration with existing CI/CD and ITSM tools was a concern in 2025.

36% of organizations indicated that their remediation processes are mostly automated with some manual steps.

34% of respondents believe that automated remediation integrated into a CI pipeline would speed up remediations.

50% of respondents identified the risk of breaking applications or dependencies as a pain point for automation.

28% of respondents indicated that automated ticket tracking instead of just 'fire and forget' would help them remediate significantly faster.

35% of respondent organizations are not currently using their CI/CD pipelines for remediation but want to in 2025.

4% of organizations took more than 15 days to remediate critical vulnerabilities in 2025.

60% of respondents reported that fewer than 5% of vulnerabilities and misconfigurations recurred within a month of remediation in 2025.

35% of respondents cited rollbacks of patches as a cause of vulnerability recurrence.

91% of respondents agreed or strongly agreed that their organization is improving in its ability to remediate vulnerabilities in 2025, according to a survey of respondents.

1% of respondents reported being 'not at all confident' in their organization's ability to remediate known vulnerabilities in a timely manner.

Tool sprawl reduces confidence in remediation by 51% in 2025.

28% of organizations report that IT operations is primarily responsible for remediating vulnerabilities and misconfigurations reported by security.

42% of IT and security professionals reported working in both IT operations and security in 2025, according to a survey of 125 respondents

26% of respondents stated that the recurrence of vulnerabilities and misconfigurations was between 6% and 10% within a month of remediation in 2025.

52% report on their remediation efforts ‘quarterly’, ‘rarely’, or ‘never’ in 2025, while only 18% run weekly reports.

44% of security and IT operators indicated that auto-creating tickets with all relevant information would improve remediation in 2025.

18% of organizations surveyed reported tracking and reporting their remediation efforts on a weekly basis while 30% reported doing so monthly.