25 March 2026

Absolute Security has revealed that endpoint security software fails to protect devices nearly 21% of the time, according to its 2026 Resilience Risk Index.

This finding means that globally-distributed PCs are vulnerable to AI-driven attacks and cyber incidents up to 76 days per year – a gap that is contributing to $400 billion in annual downtime losses.⁽¹⁾

Absolute Security’s Cyber Resilience Risk Index Report analysed telemetry data from more than 16 million enterprise endpoints, uncovering vulnerabilities and exposing organisations to unprecedented risks.

“Cyberattacks are inevitable, downtime is optional,” said Christy Wyatt, President and CEO of Absolute Security. “The cybersecurity industry has rushed to provide innovations that detect and prevent threats, unfortunately it’s lagging when it comes to ensuring that tools can remain operational when they are needed most. Enterprise security, risk, and business leaders that are working together to ensure their critical defenses remain resilient under any conditions will avoid falling victim to the downtime era.”

Critical OS patching across PCs running Windows 10 and 11 is behind an average of 256 days, leaving devices vulnerable to downtime caused by zero-day attacks, ransomware, compromise and configuration failures. This is a sharp increase over what was revealed in the 2025 report, when overall patching lagged 56 days.

On top of this, 10% of PCs continue to run on Windows 10. With Microsoft having ended support for the OS in October 2025, these devices are now permanently defenseless against adapting and emerging vulnerabilities and attacks.

At the same time, endpoint behaviour is becoming harder to control. PCs continue to engage with high-risk GenAI sites like DeepSeek while also massively increasing the number of browser sessions observed from 150 million to 350 million, year-over-year. With endpoint security tools failing in one in five cases, this means that GenAI visits may be taking place without governance applied.

Data exposure remains a persistent concern. Across all industries, 20% of connected devices store sensitive data, with 30% lacking encryption, and 25% unaccounted for. Last year’s report revealed that 18% of connected devices stored sensitive data, with 35% lacking encryption and 26% unaccounted for.

Alongside this, endpoint devices are rapidly becoming the new AI platform, despite security software failing 20% of the time. In the 2025 report, it was shown that 68% of PCs had enough RAM needed to fully take advantage of AI (16-32 GB). This year, it was revealed that enterprises are ramping investment in AI ready devices, with 96% now equipped with 16-32 GB.

⁽¹⁾ The Hidden Costs of Downtime The $400B problem facing the Global 2000; Oxford Economics in Partnership with Splunk, 2024