10 April 2026

More than half of enterprises are operating with outdated device operating systems, significantly increasing their exposure to cyber attacks, according to new research from Jamf.

The findings, based on analysis of over 150,000 Mac devices in Jamf’s latest Security 360 Report, reveal widespread gaps in basic security hygiene. Around 53% of organisations identified devices running critically outdated operating systems, while 95% of applications analysed contained at least one medium-severity vulnerability.

Risky user behaviour is adding to the issue, with a quarter of organisations reporting phishing incidents and 18% of users connecting to unsecured public networks.

Andy Ward, SVP International at Absolute Security, commented: “An organisation is only as strong as its weakest endpoint, and attackers only need to exploit a single vulnerability to trigger operational disruption and long-term financial or reputational damage."

"Cyber-attacks are no longer a question of if, but when. Our recent research shows that endpoint security tools fail nearly one in five times, exposing a critical gap in traditional defences. To avoid falling victim to the downtime era, organisations must ensure their critical security controls remain resilient and effective under any conditions.”

Jamf warns that attackers are increasingly combining multiple vulnerabilities to launch more sophisticated exploits, including zero-click and browser-based attacks. Mobile devices, including Apple and Android, are now a key entry point, with recent spyware campaigns exploiting messaging and browser flaws.

Mac environments are also facing growing threats. Despite built-in protections, 44% of devices experienced malicious network activity and over a quarter of organisations were impacted by cryptojacking.

Trojans have emerged as the dominant attack method, contributing to a broader trend where malware –ranging from infostealers to adware – accounts for the vast majority of attacks.

With 58% of organisations running Macs on outdated operating systems and nearly three-quarters of devices hosting vulnerable applications, Jamf is urging businesses to adopt a more proactive and holistic approach to device and application security to reduce risk.