New report shows half of websites were vulnerable to exploitation throughout 2021


SAN JOSE, CA., February 18, 2022 /PRNewswire/ — The Application Security division of NTT Ltd., a global leader in application security, today released AppSec Stats Flash: 2021 Year in Review, an analysis of data generated from over 15 million application security scans performed by organizations throughout 2021. The report focuses on changes in window-of-exposure and time-to-remediation data across industry verticals such as healthcare, manufacturing, utilities, and retail, and aims to give organizations key actionable elements for securing their web applications in the modern threat landscape.

In the report, NTT Application Security researchers found that half (50%) of all sites tested were vulnerable to at least one severe exploitable vulnerability throughout 2021, while only 27% were vulnerable for less than thirty days. Additionally, the report reveals a worrying downward trend in organizations’ critical vulnerability remediation rates, which fell from 54% to 47% during the year.

Key findings of the report include:

  • Half (50%) of all sites tested were vulnerable to at least one severe exploitable vulnerability throughout the year, while 27% of sites tested were vulnerable for less than thirty days throughout the year.
  • The education sector had the longest time to resolve a critical vulnerability of any sector (523.5 days), nearly 335 days longer than public administration (188.6 days), which maintained the shortest lead time throughout the year.
  • The finance and insurance sector had the lowest percentage of perpetually exposed sites (43%), while professional, scientific and technical services had the highest percentage (65%).

“Marked by the attack on the Colonial Pipeline and the ongoing fallout of Log4j, the events of 2021 have brought application security to the forefront of the media and wider public conversation,” said Craig Hinkley, general manager of NTT Application Security. “Despite increased pressure to address critical vulnerabilities in public and private sector applications, there is evidence to suggest this has inadvertently led to an overall negative outcome, as these initiatives appear to have been a compromise with – rather than an addition – to the existing remediation Going forward, it is essential that application security programs evolve towards a more holistic approach that combines robust security testing, strategic remediation efforts, and contextual training of developers, development operations and security operations personnel.”

The report also examines the most common types of security vulnerabilities discovered during application security testing throughout 2021. Information leakage, insufficient session timeout, insufficient transport layer protection, cross-site scripting and spoofing were found to be the five most likely vulnerability classes identified throughout the year.

Those interested in learning more about the results can download the report today or visit here to find previous AppSec Stats Flash reports examining the state of application security on a monthly basis.

For more information on NTT’s Application Security division and its recently launched WhiteHat Vantage platform, please visit

About NTT
NTT Ltd. is one of the world’s leading technology services companies. By working with organizations around the world, we achieve business results through smart technology solutions. For us, smart means data-driven, connected, digital and secure. Our global assets and integrated ICT stack capabilities deliver unique offerings in cloud networking, hybrid cloud, data centers, digital transformation, customer experience, workplace and cybersecurity. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, operates in 73 countries, and provides services in more than 200 countries and regions. Together, we make the connected future possible. Visit us at

Media Contact
Chris Marsh
Senior Manager, Analyst Relations and Communications
NTT Application Security

Allison Arvanite
Lumina Communications for NTT Application Security
