Small businesses faster at fixing cyber flaws as AI risk grows
A new report has highlighted the persistent cybersecurity challenges small and midsize businesses (SMBs) face as they contend with a growing range of vulnerabilities and increasingly sophisticated threats.
The 2025 Exposure Management Index, published by Intruder, examined critical vulnerabilities affecting SMBs and analysed how these organisations are responding to an evolving risk landscape. The report is based on data gathered from thousands of customer environments and outlines trends in remediation speed, industry-specific risk, and the most prevalent threats currently impacting smaller companies.
Vulnerability remediation
The report found that SMBs are fixing critical security issues faster than they have in previous years. According to the Index, 89% of critical vulnerabilities identified were remediated within 30 days, representing a 14% improvement from 2024 levels. The agility of smaller organisations enables them to resolve critical issues in an average of 14 days, compared with 17 days on average for larger organisations with 51 to 2,000 employees. The slower pace in larger companies is attributed to more complicated processes for approvals and testing before fixes can be deployed.
Among different sectors, the software industry resolves vulnerabilities most quickly, with an average remediation time of 13 days. This is followed by the financial services sector, which averages 22 days, a likely result of regulatory requirements and comparatively larger security budgets.
"For small and mid cap organizations, cybersecurity is a structural challenge - they face the same vulnerability landscape as large enterprises but with fewer resources, smaller budgets, and leaner teams. As a result, cyberattacks can be much more devastating to SMBs and can cause an entire organization to lose its livelihood. Intruder is releasing this report to provide effective and actionable knowledge, because cybersecurity shouldn't be a luxury reserved for those with the deepest pockets."
This perspective from Chris Wallis, Chief Executive Officer at Intruder, underscores the challenges faced by smaller firms, who must address the same types of vulnerabilities as larger businesses but often lack equivalent resources.
Threat landscape and the role of AI
The report identified a concerning trend: AI-assisted tools are making it easier for attackers to exploit known vulnerabilities, including some that date back one, two, or even three years. The rise of AI in cyberattack techniques has lowered the barrier for attackers to develop new exploits, leading to an accelerated pace of attacks and greater risk for businesses with unpatched systems.
While emergent threats such as the zero-day ToolShell vulnerability are of immediate concern, long-known vulnerabilities remain significant risks when left unaddressed. Intruder warned that failing to patch vulnerabilities quickly can lead to post-exploitation scenarios even within days of initial disclosure.
Changing technology, persistent risk
2025 has seen new sources of risk, including the widespread adoption of cloud technologies and the increased use of AI-generated code. According to the report, some teams are deploying AI-created code without sufficient security review, introducing potential errors or gaps that could be exploited.
Shadow IT (technology used within organisations without explicit approval) continues to expose data and expand attack surfaces. SMB vendors, who often form part of larger supply chains, remain attractive targets for attackers seeking leverage over bigger businesses. Notable incidents highlighted in the report include UK and European air travel disruptions and a cyberattack that affected Jaguar Land Rover's production lines.
Intruder's data shows that, in 2024, its customers faced an average of 474 critical and high vulnerabilities. In 2025, while the average number of critical vulnerabilities per organisation is expected to reach 198, high-severity vulnerabilities are projected to rise from 281 to 334. The expanding number of threats makes it increasingly difficult for resource-constrained IT teams to focus on the most significant risks.
Prevalent vulnerabilities
Intruder's security team pinpointed the top five vulnerabilities across SMB customers:
- Apache Tomcat Remote Code Execution (CVE-2025-24813) - identified as the single most common critical vulnerability.
- ToolShell (CVE-2025-53770) - a zero-day exploit that required minimal technical know-how and was rapidly targeted due to a delay between disclosure and patch availability.
- Palo Alto Auth Bypass (CVE-2025-0108) - exploiting failures in authentication controls and highlighting repeated challenges with management interfaces on security devices.
- Apache mod_rewrite RCE (CVE-2024-38475) - a vulnerability from 2024 that remains relevant due to the wide use of the affected web server module.
- Fortinet perimeter vulnerabilities (CVE-2024-55591 & CVE-2025-32756) - ongoing risks related to edge appliances, which are difficult for companies to replace rapidly and so must be patched swiftly.
The report noted that only a small percentage of the thousands of CVEs published annually become the focus of large-scale exploitation or pose substantial real-world impact, reinforcing the importance of prioritising efforts based on likely risk.
Methodology
The findings in the 2025 Exposure Management Index are based on detailed analysis of attack surfaces and infrastructures across thousands of SMB customers, with employee numbers ranging from 1 to 2,000. The report tracks exposure trends, responses, and lessons that can be drawn from remediation patterns in these organisations.