Skip to main content

Absolute Software’s Annual Endpoint Risk Report Underscores Compromised Security Controls Widening Enterprise Attack Surface

 Findings reveal 1 in 4 enterprise devices analyzed had unhealthy or ineffective security applications at any given time, leaving sensitive data at risk

Absolute Software™ (NASDAQ: ABST) (TSX: ABST), a leader in Endpoint Resilience™ solutions, today announced key findings from its third annual Endpoint Risk Report. This year’s edition shines a light on key trends affecting enterprise data and device security, and underscores the dangers of compromised security controls in expanding an already wide attack surface for today’s enterprises.

Researchers estimate that the number of ransomware attacks grew by more than 150 percent in 2020, fueled by the global pandemic and the massive disruption to IT and Security operations. According to The Coveware Quarterly Ransomware Report, the most common software vulnerabilities exploited by ransomware attackers in Q1 (Jan – Mar) 2021 involved Virtual Private Networks (VPNs). It goes on state that “the cyber extortion economic supply chain demonstrated how a vulnerability in widely used VPN appliances can be identified, exploited and monetized by ransomware affiliates.”

The findings in Absolute’s 2021 Endpoint Risk Report reveal that the need to support and secure remote workforces only exacerbated the existing complexities found in today’s endpoint environments - and with increasing complexity comes the increased risk of friction, failure, and noncompliance. One in four devices analyzed had critical security controls — such as encryption, antivirus, or VPN — considered to be unhealthy, or not working effectively, at any given time. If left unaddressed, almost any application deployed on the endpoint carries the potential of becoming an attack vector.

“The trends in this year’s report — unaddressed vulnerabilities, unprotected data, and failing security controls – are clear indicators that it is time for organizations to put rigor around ensuring the endpoint security tools they’ve invested in are effectively protecting their valuable, and vulnerable, corporate devices and data,” said Christy Wyatt, President and CEO of Absolute. “And, the findings underscore the critical need for resilient endpoints and applications in the evolving ‘work from anywhere’ era. The ability to identify and mitigate risk is dependent on having the ability to monitor the state of every device and application, identify where things might be fragile or falling down, and autonomously heal them when needed.”

The Absolute Platform for Endpoint Resilience enables a secure, unbreakable connection to every endpoint, delivering visibility and intelligence into devices, data, and applications across the entire endpoint environment. Absolute's Application Persistence™ service continuously measures the effectiveness of a growing ecosystem of mission-critical security and productivity applications, and empowers them to automatically repair or reinstall themselves if they become compromised. Absolute’s insights show that enterprise devices running Absolute's Application Persistence service reported security control effectiveness 21 percent higher than those without.

Other notable insights from the 2021 Absolute Endpoint Risk Report include:

  • Endpoint complexity and redundancy continue to plague enterprises:The average number of security controls has increased to more than 11 per enterprise device, with the majority of devices containing multiple controls with the same function. Two in three (60%) enterprise devices analyzed had two or more encryption applications installed, while more than half (52%) had three or more endpoint management applications installed.
  • Sensitive data remains unprotected and at risk: Nearly three in four (73%) enterprise devices analyzed contained sensitive data, such as Protected Health Information (PHI) or Personally Identifiable Information (PII). Compounding the risk of exposure, nearly one in four (23%) devices with high levels of sensitive data also reported unhealthy encryption controls.
  • Patching delays leave critical vulnerabilities unaddressed: The average Windows 10 enterprise device was found to be 80 days behind in applying the latest available OS patches. More than 40 percent of Windows 10 enterprise devices were running version 1909, which is associated with over 1,000 known vulnerabilities.

Absolute’s 2021 Endpoint Risk Report was developed using anonymized data from nearly five million Absolute-enabled devices active across 13,000 customer organizations in North America and Europe. To download the full report, visit here.

To learn more about how Absolute’s undeletable defense platform enables always-connected visibility and Self-Healing Endpoint™ security, visit

About Absolute Software

Absolute Software is a leader in Endpoint Resilience solutions and the industry’s only undeletable defense platform embedded in over a half-billion devices. Enabling a permanent digital tether between the endpoint and the enterprise who distributed it, Absolute provides IT and Security organizations with complete connectivity, visibility, and control, whether a device is on or off the corporate network and empowers them with Self-Healing Endpoint security to ensure mission-critical apps remain healthy and deliver intended value. For the latest information, visit and follow us on LinkedIn or Twitter.

©2021 Absolute Software Corporation. All rights reserved. ABSOLUTE, ABSOLUTE SOFTWARE, the ABSOLUTE logo, PERSISTENCE, ABSOLUTE RESILIENCE, ENDPOINT RESILIENCE, and APPLICATION PERSISTENCE are trademarks of Absolute Software Corporation and the exclusive rights to such trademarks are expressly reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.


Data & News supplied by
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.