Coalition, a provider of cyberinsurance, today published a report that predicted a 13% increase in the average number of vulnerabilities disclosed per month in 2023.
The report estimated more than 1,900 additional Common Vulnerabilities and Exposures (CVEs) per month will be disclosed in 2023, including 270 high-severity and 155 critical-severity vulnerabilities.
The report also noted the most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.
Tiago Henriques, vice president of security research for Coalition, said the report suggested that while cybercriminals are not in an immediate rush to exploit new vulnerabilities, it’s only a matter of time before most CVEs are exploited. IT teams that promptly apply patches will thwart most of those attacks, he added. While it may take time for cybercriminals to develop an exploit, Henriques noted that scans involving attack vectors often emerge shortly after a proof-of-concept of a vulnerability is created. That suggests cybercriminals are closely monitoring cybersecurity research, he noted.