Organizations have more visibility into cloud cybersecurity risks today than ever before. Security tools continuously detect vulnerabilities, flag misconfigurations, and generate detailed threat intelligence. Yet, despite this unprecedented awareness, most cloud security incidents still stem from known risks.
The ZEST Cloud Risk Exposure Impact Report 2025 delivers a striking revelation: 62% of incidents originate from vulnerabilities that security teams had already identified but failed to remediate. The fundamental issue isn’t detection—it’s execution. Security professionals are aware of the threats, but they struggle to close the loop before attackers strike.
“In my experience leading incident response teams, I’ve found that in nearly every case, the vulnerability or misconfiguration used to gain initial access was something the security team already knew about,” explained Mor Levi, VP of security at Salesforce. “For some reason, though, it wasn’t fixed—maybe it was de-prioritized because it required too much effort to remediate, there was no patch available, or the system was too outdated to upgrade.”
Snir Ben Shimol, CEO and co-founder of ZEST Security, explains the root of this paradox. “Today’s security stack is rich with great tools to identify security risks, misconfigurations, and vulnerabilities. However, there is a gap within organizations around remediation technologies. Remediations and mitigations—what we call ‘resolution’—are still a 90% manual process.”
Because remediation workflows are complex and require coordination across engineering, DevOps, and security teams, threats linger in backlog queues, waiting to be exploited.
The 10X Remediation Gap: How Attackers Move Faster Than Defenders
The most alarming finding in ZEST’s report is the widening gap between remediation speed and attacker agility. While security teams often take weeks or even months to remediate critical vulnerabilities, attackers now exploit them within five days on average, according to Mandiant’s latest threat intelligence research. This discrepancy allows adversaries to strike long before defenders can act.
The backlog of unresolved issues keeps growing: most organizations have over 100 open critical risk tickets at any given time. Meanwhile, cybercriminals have adopted AI to automate their attacks, increasing both speed and sophistication.
“While threat actors are leveraging AI to increase their capabilities and speed, organizations are still behind—relying solely on people and processes without AI technology,” says Shimol. “It takes security teams weeks, if not months, to manually identify the root cause of an issue. The ‘where’ to remediate is the biggest technical barrier today.”
This problem is exacerbated by the fact that more than 50% of critical security issues cannot be fully remediated, forcing security teams to explore alternative mitigation strategies.
The Growing Cost of Delayed Action
Beyond the immediate security implications, slow remediation carries an immense financial toll. Security teams report spending over $2 million annually on remediation efforts, excluding the additional costs associated with breaches, regulatory fines, and reputational damage. The backlog of security tickets doesn’t just represent operational inefficiency—it translates directly into increased exposure, heightened risk, and significant financial strain.
The disconnect between risk detection and resolution is now a defining challenge for security teams. While security professionals work tirelessly to manage vulnerabilities, the lack of scalable, AI-driven remediation solutions means that many threats remain unresolved for months. In an industry that often touts the importance of “shifting left,” the reality is that organizations are struggling to move forward at all.
Breaking the Cycle: A Shift in Strategy
Recognizing the urgent need for faster remediation, organizations are shifting from visibility-driven security models to remediation-focused strategies. The conversation is no longer about merely identifying threats but about acting on them with speed and efficiency.
Three key changes are shaping the future of remediation:
Effort-Based Prioritization: Security teams are moving beyond traditional risk-ranking models and instead prioritizing vulnerabilities where a single remediation action can eliminate multiple risks. Organizations that adopt this approach report faster backlog reduction and greater overall security gains.
Automation for Speed and Efficiency: The manual effort required to investigate, assign, and resolve security tickets is unsustainable. As a result, teams are investing in automation to accelerate triage, root cause analysis, and ticket ownership assignment, cutting through the noise and ensuring high-impact fixes are implemented first.
Mitigating Controls as a Safety Net: Not all risks can be fully remediated, but they can still be contained. 84% of security teams in ZEST’s survey are actively deploying mitigation strategies, such as Web Application Firewalls, identity restrictions, and network segmentation, to reduce exposure while they work toward long-term solutions.
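To make effort-based prioritization concrete, the following added example (not taken from the ZEST report or any vendor tool) compares a severity-first queue with a greedy plan that picks the fix closing the most open risk per hour of effort. The finding IDs, risk weights, action names, and effort estimates are constructed sample data, and the greedy heuristic is one assumed way to implement the idea.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    name: str
    effort_hours: float
    closes: frozenset  # finding IDs this single change resolves

# Constructed backlog: finding ID -> risk weight (10 = critical).
FINDINGS = {"F1": 10, "F2": 10, "F3": 7, "F4": 7, "F5": 10, "F6": 4}

# Constructed candidate fixes; one root-cause fix may close several findings.
ACTIONS = [
    Action("patch-single-host", 6, frozenset({"F5"})),
    Action("rebuild-base-image", 8, frozenset({"F1", "F2", "F3"})),
    Action("fix-iac-storage-module", 3, frozenset({"F4", "F6"})),
    Action("upgrade-one-service-lib", 4, frozenset({"F1"})),
]

def effort_based(findings, actions, budget_hours):
    """Greedy plan: repeatedly take the fix with the most open risk closed per hour."""
    open_ids, remaining, chosen = set(findings), budget_hours, []
    while open_ids:
        def ratio(a):
            return sum(findings[f] for f in a.closes & open_ids) / a.effort_hours
        fits = [a for a in actions if a.effort_hours <= remaining and ratio(a) > 0]
        if not fits:
            break  # nothing affordable still closes an open finding
        best = max(fits, key=ratio)
        chosen.append(best.name)
        open_ids -= best.closes
        remaining -= best.effort_hours
    return chosen, sorted(open_ids)

def severity_first(findings, actions, budget_hours):
    """Baseline: walk tickets by severity, applying the cheapest fix for each."""
    open_ids, remaining, chosen = set(findings), budget_hours, []
    for fid in sorted(findings, key=lambda f: -findings[f]):
        if fid not in open_ids:
            continue  # already closed as a side effect of an earlier fix
        fits = [a for a in actions if fid in a.closes and a.effort_hours <= remaining]
        if fits:
            a = min(fits, key=lambda x: x.effort_hours)
            chosen.append(a.name)
            open_ids -= a.closes
            remaining -= a.effort_hours
    return chosen, sorted(open_ids)

if __name__ == "__main__":
    print("effort-based :", effort_based(FINDINGS, ACTIONS, 12))
    print("severity-first:", severity_first(FINDINGS, ACTIONS, 12))
```

With the same 12-hour budget, the effort-based plan leaves one finding open while the severity-first queue leaves three, because it spends hours on a narrow fix that a broader root-cause fix later makes redundant.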
The Future of Remediation: Compliance and Regulation Will Force Change
The speed of modern cyber threats is beginning to push regulatory bodies toward stricter compliance measures. As attackers exploit vulnerabilities in days, governments and industry regulators are tightening their expectations for patching known security risks.
“We are already seeing regulatory bodies like the SEC demanding tighter and almost impossible SLA timelines for remediation,” notes Shimol. “Regulators have realized that visibility alone does not guarantee security. Organizations are now being required to build Risk Resolution Plans—just as they were once required to develop Incident Response Plans in response to ransomware threats.”
This shift means that security teams can no longer afford to treat remediation as a best-effort initiative. Faster resolution times will become a compliance mandate, and failure to act could lead to penalties as severe as those imposed for data breaches themselves.
The Race to Close Known Risks
The ZEST Cloud Risk Exposure Impact Report 2025 serves as a wake-up call for the security industry. The problem is not a lack of awareness but an urgent need for remediation at scale. Organizations should move beyond risk detection and consider AI-driven remediation, automation, and strategic prioritization to finally break the cycle of known but unresolved threats.
The cybersecurity landscape is shifting rapidly, and the industry is at an inflection point. Attackers are getting faster. Regulators are demanding more. The future of security will belong to those who act as quickly as they detect. The question is, will organizations adapt in time to keep up?