Press Releases

Enterprises Face Over 800,000 High-Severity Cyber Hygiene Failures

ThingsRecon, a leader in attack surface discovery, releases its first industry study on enterprise digital hygiene in attack surface and supply chains

ThingsRecon

ThingsRecon

September 9, 2025

September 9, 2025

September 2025 —The research analyzed more than 770,000 digital assets — including applications, domains, IPs, scripts, and certificates — from multiple organizations. The findings uncovered over 800,000 high-severity hygiene issues. That’s more issues than assets, meaning that on average every digital asset carried at least one serious weakness.

Key Findings:

  • Every application checked carried more than one issue on average (110% issue density)
  • Nearly two-thirds of domains showed multiple weaknesses (165% issue density)
  • 1 in 3 certificates were misconfigured (33%)

In one organization with 2,700 applications, 21 were found exposing unencrypted login forms, leaving credentials vulnerable to interception. In another case, 1,100 dangling DNS records were discovered across 6,000 applications, while nearly 1 in 5 apps carried an exploitable misconfiguration.

“These results show that cyber hygiene failures are systemic, not isolated,” said Stephane Konarkowski, Chief Product Officer and Co-Founder of ThingsRecon. “From unencrypted logins to dangling DNS records, attackers don’t need advanced exploits to gain access; they just take advantage of overlooked basics.”

Importantly, the study only considered high-severity hygiene issues across applications, domains, and certificates. It did not include:

  • Medium- and low-level hygiene issues
  • APIs
  • Software and third-party components
  • Public IP infrastructure
  • Other internet-facing services
  • Traditional software vulnerabilities (CVEs)

The true scale of weaknesses is therefore far greater than the 800,000 issues reported.  

ThingsRecon’s findings highlight that enterprises urgently need continuous, external visibility of their digital surfaces. Even the world’s largest organizations are overlooking fundamentals that create real-world risk.

About ThingsRecon

ThingsRecon provides advanced external attack surface discovery and supply chain intelligence, helping organizations identify and remediate weaknesses before attackers exploit them. By continuously monitoring applications, IPs, scripts, domains, APIs, and digital infrastructure, ThingsRecon enables enterprises to reduce their attack surface and strengthen resilience.

For more information, visit www.thingsrecon.com
get a personalized demo
What’s connected to you right now?
Run a discovery scan

More from

ThingsRecon

Press Releases

ThingsRecon Revolutionizes Supply Chain Attack Surface Security

Share Article

Share on LinkedinShare on XShare on Facebook

Related Articles

Press Releases

ThingsRecon Revolutionizes Supply Chain Attack Surface Security