{"id":1605,"date":"2025-07-15T05:00:00","date_gmt":"2025-07-15T12:00:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=1605"},"modified":"2025-10-03T23:10:10","modified_gmt":"2025-10-04T06:10:10","slug":"what-over-2-million-assets-reveal-about-industry-vulnerability","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/","title":{"rendered":"What Over 2 Million Assets Reveal About Industry Vulnerability"},"content":{"rendered":"\n<p>Today we\u2019re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.&nbsp;<\/p>\n\n\n\n<p>The analysis focused on identifying exploitable assets across several key industries, using techniques that simulate real-world attacker behavior, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Black-box pentesting<\/strong> using 90,000+ exploit modules, credential stuffing simulations, data exposure detection, etc.<\/li>\n\n\n\n<li><strong>Dynamic Application Security Testing<\/strong> (DAST) to identify runtime web application vulnerabilities.<\/li>\n\n\n\n<li><strong>Active vulnerability scanning<\/strong> of internet-facing services to detect CVEs, misconfigurations, and exposed assets.<\/li>\n<\/ul>\n\n\n\n<p>In a year defined by rising geopolitical tensions, stricter cyber disclosure mandates, and a series of high-profile breaches, the timing of this research is no coincidence.<\/p>\n\n\n\n<p>As security leaders face growing pressure to demonstrate control over their digital perimeter, internet-facing assets remain the biggest unknown &#8211; often invisible until it\u2019s too late.<\/p>\n\n\n\n<p>By sharing these findings our goal isn\u2019t just to highlight where vulnerabilities concentrate, but to expose why surface scans and static inventories continue to miss the risks that turn into tomorrow\u2019s headlines.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Methodology<\/strong><\/h5>\n\n\n\n<p><em>This analysis is based on a random sample of over 2 million internet-exposed cloud assets, drawn from a broader dataset identified and analyzed by the CyCognito platform between January 1, 2024, and June 2025. The sample is meant to provide statistically meaningful insights into vulnerability patterns across different industries, focusing on three commonplace asset types: APIs, web applications, and cloud infrastructure. <\/em><em><br><\/em><em><br><\/em><em>Each of the assets was attributed to its rightful business owner using CyCognito\u2019s proprietary attribution engine, and its respective industry, aligned with the Global Industry Classification Standard (GICS).<\/em><\/p>\n\n\n\n<p><em>Vulnerable assets were flagged based on a combination of known exploitable issues, exposed sensitive data, outdated software, and other misconfigurations validated through non-intrusive automated testing, etc.<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What\u2019s Exposed? A Cross-Asset View<\/h2>\n\n\n\n<p>Zooming out, here&#8217;s how vulnerability breaks down across the three asset types:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cloud assets:<\/strong> 13.6%<br><\/li>\n\n\n\n<li><strong>APIs:<\/strong> 20.8%<br><\/li>\n\n\n\n<li><strong>Web applications:<\/strong> 19.6%<\/li>\n<\/ul>\n\n\n\n<p>As one would expect, APIs and web applications represent the highest concentration of risk. Their proliferation &#8211; especially via shadow IT and third-party integrations &#8211; makes them easy to introduce and hard to govern.<\/p>\n\n\n\n<p>When viewed industry by industry, the distribution of vulnerable vs. non-vulnerable assets varies \u2013 sometimes dramatically:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXf0dFiEhT_xCafu5w0bPiSryHqek4tWaNafI2yW_KYz_RCNZ9mLsdJIpMbXamsI2tjHUwURtWI2NZ1vSsW4dpHxF08uISOS3CqSYPw2RH91GILN2Ivv8OFFIgSWHoTne4rBfUVRUA?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Industry<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>Vulnerable Assets<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>Non-Vulnerable Assets<\/strong><\/td><\/tr><tr><td>Construction<\/td><td class=\"has-text-align-center\" data-align=\"center\">18%<\/td><td class=\"has-text-align-center\" data-align=\"center\">82%<\/td><\/tr><tr><td>Education<\/td><td class=\"has-text-align-center\" data-align=\"center\">31%<\/td><td class=\"has-text-align-center\" data-align=\"center\">69%<\/td><\/tr><tr><td>Energy<\/td><td class=\"has-text-align-center\" data-align=\"center\">18%<\/td><td class=\"has-text-align-center\" data-align=\"center\">82%<\/td><\/tr><tr><td>Finance<\/td><td class=\"has-text-align-center\" data-align=\"center\">5%<\/td><td class=\"has-text-align-center\" data-align=\"center\">95%<\/td><\/tr><tr><td>Government<\/td><td class=\"has-text-align-center\" data-align=\"center\">26%<\/td><td class=\"has-text-align-center\" data-align=\"center\">74%<\/td><\/tr><tr><td>Health Care &amp; Insurance<\/td><td class=\"has-text-align-center\" data-align=\"center\">16%<\/td><td class=\"has-text-align-center\" data-align=\"center\">84%<\/td><\/tr><tr><td>Hospitality<\/td><td class=\"has-text-align-center\" data-align=\"center\">15%<\/td><td class=\"has-text-align-center\" data-align=\"center\">85%<\/td><\/tr><tr><td>Manufacturing<\/td><td class=\"has-text-align-center\" data-align=\"center\">19%<\/td><td class=\"has-text-align-center\" data-align=\"center\">81%<\/td><\/tr><tr><td>Media<\/td><td class=\"has-text-align-center\" data-align=\"center\">21%<\/td><td class=\"has-text-align-center\" data-align=\"center\">79%<\/td><\/tr><tr><td>Professional Services<\/td><td class=\"has-text-align-center\" data-align=\"center\">28%<\/td><td class=\"has-text-align-center\" data-align=\"center\">72%<\/td><\/tr><tr><td>Retail<\/td><td class=\"has-text-align-center\" data-align=\"center\">27%<\/td><td class=\"has-text-align-center\" data-align=\"center\">73%<\/td><\/tr><tr><td>Technology<\/td><td class=\"has-text-align-center\" data-align=\"center\">15%<\/td><td class=\"has-text-align-center\" data-align=\"center\">85%<\/td><\/tr><tr><td>Telecommunications<\/td><td class=\"has-text-align-center\" data-align=\"center\">15%<\/td><td class=\"has-text-align-center\" data-align=\"center\">85%<\/td><\/tr><tr><td>Transport<\/td><td class=\"has-text-align-center\" data-align=\"center\">12%<\/td><td class=\"has-text-align-center\" data-align=\"center\">88%<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Top 5 Most Exposed Industries: Beyond the Statistics&nbsp;<\/h2>\n\n\n\n<p>Importantly, these numbers are more than abstract statistics, they\u2019re signals of real-world consequences already unfolding.&nbsp;<\/p>\n\n\n\n<p>Each percentage point represents a potential incident, a compromised system, or a breach waiting to happen. Behind the data are actual events &#8211; many recent, some still under investigation &#8211; that validate these findings and suggest that without urgent improvements, more headlines are inevitable.<\/p>\n\n\n\n<p>Here is how this comes into play across top top five most vulnerable industries:<\/p>\n\n\n\n<p><strong>1. Education<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud: 17.6% | APIs: 37.7% | Web Apps: 35.3%<br><\/li>\n<\/ul>\n\n\n\n<p>Rising digital adoption, limited security investment, and sprawling infrastructure make education a perfect storm for attackers. The<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/powerschool-hack-exposes-student-teacher-data-from-k-12-districts\/?utm_source=chatgpt.com\"> December 2024 PowerSchool breach<\/a> exposed millions of records, spotlighting sector-wide weaknesses.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfnNYt-hXzto6CfC79QtF3vbXoB0BBtdVmcAqKZx901nHP0zOA2AEwULzHunarYtj19mrxL9VqZ3-yrMoK4YOq7bvsdyk2Fo1HouLooSneCgMJROBIdJTQe3SLyv90ROMjdEH_9jA?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<p><strong>2. Retail<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud: 23.3% | APIs: 29.8% | Web Apps: 30.9%&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Retail&#8217;s complexity and third-party dependencies create persistent blind spots. The April 2025<a href=\"https:\/\/www.cybersecuritydive.com\/news\/ms-cyberattack-400-million\/748710\/?utm_source=chatgpt.com\"> Marks &amp; Spencer breach<\/a> exploited a supplier vulnerability, resulting in data loss and estimated losses over \u00a3300 million.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXdO3SCeKW8PfbOeAli-HA4ExhmDrfITnoz_CxsBc4Zguh0CPPRAR4U-vsOIwlJjDE-VymlxaX7ShsueFMRpbS60rTQAuZVUmyyeAZQ0_I9ckDT8DMRsQdTJkDHS7HmHzcMnPfh5?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<p><strong>3. Government<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud: 18.4% | APIs: 18.5% | Web Apps: 30.4%&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Public sector assets are increasingly targeted by state-sponsored actors. A<a href=\"https:\/\/www.dhs.gov\/sites\/default\/files\/2024-10\/24_0930_ia_24-320-ia-publication-2025-hta-final-30sep24-508.pdf?utm_source=chatgpt.com\"> 2025 Homeland Threat Assessment<\/a> from DHS warned of intensified nation-state cyber campaigns targeting critical government infrastructure.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfkFbwksXqJWU1joijOqYrI5OiMlhdwOcBEjYa5r3ux9p3bdQ9NOQJlAZeTcvABG0dCSM5QH-rf8eJqbXP0aiDdPgWvRFoOmHiTMBTEutZt0k6PS8y2WxsqcA6D9iLQLWvdhGryew?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<p><strong>4. Professional Services<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud: 25% | APIs: 10.6% | Web Apps: 30.1%&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Despite lower API exposure, the sector shows high vulnerability in web and cloud due to fragmented IT environments and decentralized client delivery. In 2024,<a href=\"https:\/\/consumervoice.uk\/legal\/capita-may-be-forced-to-compensate-people-exposed-to-cybersecurity-risk-after-hack\/?utm_source=chatgpt.com\"> Capita suffered a breach<\/a> affecting internal systems tied to misconfigured internet-facing assets.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXegumrn0410eMtk0qzLR8evAVm7ig7N_Hmtnmv6Msnjq8r9O0GRrSM1cDlesa7qInCk8KNw6kuh9736Cw3HWByTnjtuuawL4p745wWnu_-PKiHEzBK1BVsk3LJV3-OoyuDUaJ5-Dg?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<p><br><strong>5. Media<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud: 13.8% | APIs: 18.8% | Web Apps: 25.7%&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Media platforms prioritize delivery speed and content availability &#8211; often at the expense of hardening controls. The<a href=\"https:\/\/cisotimes.com\/vice-media-data-breach-exposes-personal-and-financial-information-of-over-1700-individuals\/?utm_source=chatgpt.com\"> Vice Media breach in late 2023<\/a> exposed internal systems, highlighting risks in CMS and adtech APIs.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXerK6tbiCezj0oa2hu1ZlwPcZ5gHMb7PVLZiBP1d15Dl0z9DMcuh3gvd_wsCNpYvLcHWGXujWH3xhdrSL3uzvFAfd7axoe78-jiZJ8Eg6fSxSMYVzPkfqreu6ElvCrMKd_xKokD0g?key=p_fIv0WcrgrMw7U29OcvRg\" alt=\"\" title=\"Chart\"\/><\/figure>\n\n\n\n<p>Notably, each of these industries carries a distinct risk signature. For education, it\u2019s often the concentration of sensitive personal data on undermanaged and outdated systems.&nbsp;<\/p>\n\n\n\n<p>For retail, it&#8217;s often the reliance on interconnected vendors and e-commerce platforms that expand the attack surface. For government systems, it is often the combination of legacy technology and publicly exposed services that create points of vulnerability.&nbsp;<\/p>\n\n\n\n<p>Professional services face compounded exposure due to client-specific environments and asset sprawl. And media\u2019s drive for publishing velocity often outpaces governance, leaving APIs and CMS platforms as recurring weak points.<\/p>\n\n\n\n<p>While on paper two industries might show similar percentages of vulnerabilities, across one or more asset types, the type of damage those could cause varies widely. For example, an exposed university app might leak vast amounts of personally identifiable information (PII), triggering reputational damage, regulatory violations, and public backlash.&nbsp;<\/p>\n\n\n\n<p>As serious as that is, the impact might be dwarfed by a vulnerable edge device in a telecom or government network, where exploitation might serve as a pivot point for lateral movement, privilege escalation, and long-dwell attacks that quietly compromise critical infrastructure from the inside out.&nbsp;<\/p>\n\n\n\n<p>Understanding the context of who owns the asset, what it does, and especially how attackers see it in the context of a broader network is where real exposure management takes place.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Shared Understanding<\/h2>\n\n\n\n<p>Security threats are diverse, and so are the ways they are measured and perceived. The above report offers one perspective, based on data observed through the CyCognito platform, serving as a piece of a larger puzzle.<\/p>\n\n\n\n<p>Attack surfaces are dynamic, and risks are constantly evolving. No single analysis can (or should) claim to capture it all. That\u2019s why we believe information sharing between security vendors is essential, and this is us doing our part by offering a window into what we see in our day-to-day work.<\/p>\n\n\n\n<p>By contributing our findings, we hope to support a broader awareness, helping defenders, decision-makers, and organizations make more informed choices. We believe that shared insight leads to shared resilience. The more viewpoints we bring together, the better equipped we are to protect what matters.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We analyzed more than two million internet-exposed assets across cloud, on-prem, APIs, and web apps, discovered by our platform over the past 18 months. Using attacker-simulated testing, including black-box pentesting, dynamic application security testing (DAST), and active vulnerability scanning, we mapped how exploitable exposures cluster by industry and asset type. The results reveal systemic weaknesses in how organizations govern their digital perimeter, especially in environments shaped by rapid growth, third-party dependencies, and fragmented ownership. <\/p>\n","protected":false},"author":37,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[229,3],"tags":[6,16,32],"class_list":["post-1605","post","type-post","status-publish","format-standard","hentry","category-featured","category-research","tag-attack-surface-management","tag-research","tag-risk-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog<\/title>\n<meta name=\"description\" content=\"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-15T12:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-04T06:10:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\" \/>\n<meta name=\"author\" content=\"Zohar Venturero\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zohar Venturero\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\"},\"author\":{\"name\":\"Zohar Venturero\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/2fd10a7c57781a915443728cb8b4e525\"},\"headline\":\"What Over 2 Million Assets Reveal About Industry Vulnerability\",\"datePublished\":\"2025-07-15T12:00:00+00:00\",\"dateModified\":\"2025-10-04T06:10:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\"},\"wordCount\":1008,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\",\"keywords\":[\"Attack Surface Management\",\"Research\",\"Risk Management\"],\"articleSection\":[\"Featured\",\"Research\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\",\"name\":\"What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\",\"datePublished\":\"2025-07-15T12:00:00+00:00\",\"dateModified\":\"2025-10-04T06:10:10+00:00\",\"description\":\"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage\",\"url\":\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\",\"contentUrl\":\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Over 2 Million Assets Reveal About Industry Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/2fd10a7c57781a915443728cb8b4e525\",\"name\":\"Zohar Venturero\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fc4816d8dbac3d522830203823e6a256?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fc4816d8dbac3d522830203823e6a256?s=96&d=mm&r=g\",\"caption\":\"Zohar Venturero\"},\"description\":\"Data Scientist\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/zohar-venturero\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog","description":"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog","og_description":"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.","og_url":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/","og_site_name":"CyCognito Blog","article_published_time":"2025-07-15T12:00:00+00:00","article_modified_time":"2025-10-04T06:10:10+00:00","og_image":[{"url":"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg","type":"","width":"","height":""}],"author":"Zohar Venturero","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Zohar Venturero","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/"},"author":{"name":"Zohar Venturero","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/2fd10a7c57781a915443728cb8b4e525"},"headline":"What Over 2 Million Assets Reveal About Industry Vulnerability","datePublished":"2025-07-15T12:00:00+00:00","dateModified":"2025-10-04T06:10:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/"},"wordCount":1008,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg","keywords":["Attack Surface Management","Research","Risk Management"],"articleSection":["Featured","Research"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/","url":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/","name":"What Over 2 Million Assets Reveal About Industry Vulnerability | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg","datePublished":"2025-07-15T12:00:00+00:00","dateModified":"2025-10-04T06:10:10+00:00","description":"We analyzed 2M+ internet-exposed assets to reveal how attacker-simulated testing uncovers systemic gaps in digital perimeter governance.","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#primaryimage","url":"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg","contentUrl":"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfsyr7XdkVnjPQoXb--HVfuITUJI_I-jhJLqkyuK0tY3GvH9I1wG1YVKe-XfofrxeupDaLdXt5C08KTUX06KJtBxIlRdkTDsCcyZGKiQY9w9W3d0j23VVyfBsuntHnAyoQLiXDuFg?key=p_fIv0WcrgrMw7U29OcvRg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/what-over-2-million-assets-reveal-about-industry-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Over 2 Million Assets Reveal About Industry Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/2fd10a7c57781a915443728cb8b4e525","name":"Zohar Venturero","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fc4816d8dbac3d522830203823e6a256?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fc4816d8dbac3d522830203823e6a256?s=96&d=mm&r=g","caption":"Zohar Venturero"},"description":"Data Scientist","url":"https:\/\/www.cycognito.com\/blog\/author\/zohar-venturero\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=1605"}],"version-history":[{"count":7,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1605\/revisions"}],"predecessor-version":[{"id":1618,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/1605\/revisions\/1618"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=1605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=1605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=1605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}