Organizations Only Prevent 6 out 10 Attacks

The Red Report 2024

The Top 10 MITRE ATT&CK Techniques Used by Adversaries


This is the top finding of our Blue Report 2023. In other words, security controls are not stopping about 4 out of every 10 attacks. 

Why aren’t organizations better able to protect their employees, partners, customers, intellectual property and finances? Why are successful breaches and attacks in the headlines every day?

With the Blue Report, we looked at the state of threat exposure management programs. Specifically, we analyzed the anonymized and aggregated results of 14 million simulated attack scenarios executed by Picus Security customers from January to June 2023. (We previously looked at how attackers are performing, by analyzing over 500,000 malware samples, in the Red Report 2023)

What is Threat Exposure Management?

Threat exposure management, sometimes referred to as continuous threat exposure management (CTEM), is an approach to cybersecurity in which organizations effectively prioritize potential risks and corresponding remediation efforts, particularly in the face of a rapidly expanding attack surface. To obtain the insights they need, CTEM programs integrate attack surface discovery, vulnerability management and security validation.

Security validation typically involves the use of breach and attack simulations (BAS) to discover, verify, prioritize and mitigate real-world threats to an organization’s networks and systems. BAS solutions allows organizations to proactively test their security posture and identify vulnerabilities before they are exploited by real attackers.

The success of a CTEM program can be measured by observing a substantial decrease in cyber risk, improved threat prevention and detection, and a shorter mean time to respond (MTTR). In addition, an effective CTEM program will show improved security control performance, better compliance with regulatory standards, and closer alignment with key business priorities.

Overall Performance: Threat Exposure Management

Overall, we found that organizations’ threat exposure management programs are often in poor shape. Organizations do not consistently prevent or detect cyber attacks. The reason is likely less about the quality or capability of the security controls they have in place, but more about how effectively organizations are utilizing these tools.

We found that security organizations only prevent just over half of attacks (59%) using their existing security controls, such as IPS, NGFW, or WAF solutions.

Only 59% of attacks were prevented.

Security organizations fared even worse when it came to detecting successful attacks. To start, they are failing to effectively log and identify attacks. A distressingly low percentage of attacks (37%) are successfully logged after infiltrating environments. Similarly, less than 1 in 6 (16%) of attacks trigger alerts, hampering security teams’ ability to identify and respond promptly to potential threats.


Only 37% of attacks were logged, and 16% were alerted.

Based on our experience running breach and attack simulations, many organizations will be surprised by these results due to a false sense of security. They do not realize the degree to which their existing controls are insufficient for detecting attacks, especially sophisticated ones.

Four “Impossible” Trade-Offs

Why aren’t organizations doing better? Our analysis identified four “impossible” trade-offs that organizations are making when it comes to managing their threat exposure. We say “impossible” because these are choices that security teams should have to make.

The four trade-offs are:

  1. Choosing between prevention and detection
  2. Choosing what to log and what alerts to trigger
  3. Choosing which types of attacks to prevent
  4. Choosing which vulnerabilities to patch

If you face similar challenges, continuous threat exposure management (CTEM) is one approach you can use to overcome these trade-offs. Organizations wanting to implement a CTEM program can look to Picus Security for a complete solution. 

Picus provides a CTEM solution, powered by our pioneering breach and attack simulations, to help organizations of all sizes to continuously validate and enhance their cyber resilience. Security teams can evaluate the effectiveness of their security controls, discover at-risk assets and identify high-risk attack paths that attackers could use to access critical systems and users. 

To learn more about these trade-offs, download the Blue Report 2023