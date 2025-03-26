London (ots) - Keith Poyser, Vice President for EMEA: "This report offers a

groundbreaking analysis based on real-world cyberattack techniques conducted at

organisations across the globe, delivering invaluable insights."



Horizon3.ai (https://www.horizon3.ai/) , a global leader in offensive security,

today released its 2025 Cybersecurity Insights Report, revealing the common

security gaps organisations struggle to close. By analysing exploit trends from

50,000 NodeZero® autonomous security tests run in 2024, along with insights from

a survey sample of nearly 800 security leaders and practitioners, the report

presents clear evidence of how current security strategies are failing, and what

organisations must change to stay ahead of evolving threats.





Horizon3.ai defines offensive security as using real-world attacker techniquesto identify and exploit weaknesses across IT environments-proving what's trulyat risk. Unlike passive security, which relies on layered defences withunverified effectiveness, NodeZero autonomously conducts safe, full-scale teststhat demonstrate exactly how attackers could compromise critical systems. Theresult: clear, actionable proof that enables teams to find, fix, and verifyvulnerabilities-before adversaries strike.Horizon3.ai highlights key findings from the report:- Vulnerability Scanning Falls Short - Despite 98% of organisations usingvulnerability scanning, only 34% find it highly effective due to falsepositives that hinder teams from focusing on real risks.- Credential-Based Attacks Remain a Major Risk - NodeZero successfully performedcredential dumping in over 28,000 cases, demonstrating the widespread risk ofweak credential practices and policies.- Patch Management Delays Leave Systems Exposed - Over half of practitioners(53%) and more than a third of security leaders (36%) admit to delayingpatches due to operational constraints, leaving critical vulnerabilities open.- Known Vulnerabilities Remain Unpatched - NodeZero exploited 229 knownvulnerabilities nearly 100,000 times in customer environments, demonstratingthat many organisations struggle to remediate even widely recognized threats."Security isn't about reacting-it's about outpacing your adversary," said SnehalAntani, CEO & Co-Founder of Horizon3.ai. "Too many organisations still confusecompliance for security, falling back on outdated assumptions and annual testingcycles. This report shows what modern defenders already know: you have to thinklike an attacker, validate like an operator, and build a security program thatstands up to real-world pressure."