IT departments have significantly reduced the time they take to patch their systems when new security vulnerabilities, viruses or worms become public.
The average time taken for IT departments to patch half of their external-facing systems has fallen to 19 days, down from 21 days a year ago and 30 days two years ago, research from IT security supplier Qualys has revealed.
IT departments have reduced the time taken to patch half of their internal systems from 52 days to 48 days, according to an analysis of 32 million vulnerability scans of Qualys systems.
But businesses will need to improve their patching speed further if they are to keep one step ahead of hackers, said Gerhard Eschelbeck, chief technology officer at Qualys. He called for a 20% improvement in the next year.
The research showed that 80% of security exploits appear before companies patch half of their systems. It also showed that worms cause most damage within the first 15 days of an outbreak.