Log4j Remediation Took Weeks or More for Over 50% of Organizations

(ISC)² survey also found that half of cybersecurity teams worldwide worked on fixing Log4j issues on weekends and during time off.

Dark Reading Staff, Dark Reading

February 23, 2022

1 Min Read
Dark Reading logo in a gray background | Dark Reading

It indeed was an all-hands-on-deck job for organizations around the globe when the Log4j vulnerability was exposed: a new (ISC)² study found that 52% of security teams spent weeks or more than a month fixing the flaw in their networks — and some 48% did so on weekends and during their holiday time.

Around 27% of respondents to the (ISC)² survey say their organizations were less secure during the remediation process, and 23% report that their 2020 security priorities were delayed due to the intense focus on Log4j fixes.

"The main takeaway from the Log4j crisis and this data is that dedicated cybersecurity professionals are spread thin and need more support to effectively remediate zero-day exploits while still maintaining overall security operations," Clar Rosso, CEO of (ISC)², said in a statement. "Log4j is one critical vulnerability of many and it's only a matter of time before the next novel attack occurs. To avoid burnout — the consequences of which can lead to catastrophic breaches — organizations must support their cybersecurity teams by expanding their recruiting efforts, providing more resources and investing in the development and retention of their existing staff."

The findings are based on an online poll conducted this month with 269 cybersecurity professionals who participated in the survey.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights