Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
Intruder, an exposure management company, has published the 2026 Attack Surface Management Index. Based on anonymised data from 3,000 clients collected over the past year, the report examines common exposures, how quickly they are remediated, and differences across industries and organisation sizes.
Securing digital environments remains challenging, with over a quarter of cybersecurity teams exposing MySQL databases, which are frequently targeted in ransomware and data extortion attacks.
Released at a critical time, the findings come as the cybersecurity sector adapts to Mythos, an autonomous AI model capable of identifying zero-day vulnerabilities. This shortens the time between vulnerability discovery and potential exploitation, increasing pressure on organisations to secure internet-facing assets.
The Index groups attack surface exposures into HTTP panels, ports, services, databases, and other internet-facing information. Exposed databases were a major concern, with API documentation exposure also common, even more so than Remote Desktop Service (RDP) vulnerabilities.
Key findings from the report include:
As organisations grow, their exposure increases. Larger enterprises manage significantly more external assets than smaller businesses, adding complexity to security management. Companies with over 5,000 employees handle far more assets than smaller organisations, reflecting the scale of infrastructure they must secure.
This creates a bottleneck, especially in the midmarket. Smaller organisations typically remediate vulnerabilities within 18 days, while larger organisations can take up to an average of 56 days, particularly those with 5,000 to 10,000 employees.
Remediation speed also varies by sector. Highly regulated industries are faster, with banks resolving issues in around 11 days and retail in about 10 days on average. In contrast, insurance and non-banking financial services often take between 24 and 50 days.
Sectors such as automotive and pharmaceuticals continue to face challenges, with remediation times averaging over 40 days, leaving extended windows of exposure.
Overall, the 2026 Attack Surface Management Index provides insight into cybersecurity exposure trends and highlights the importance of faster, more consistent remediation across industries.
