Endpoint Gaps: 21% Exposure

Absolute Security’s 2026 Resilience Risk Index calculates the average enterprise PC spends roughly 76 days per year outside a reliably enforceable security state, based on telemetry across millions of endpoints. (digit.fyi) The report ties those gaps to aggregate downtime losses of about $400 billion annually across the Global 2000 and cites Splunk research showing average company revenue loss near $49 million per year from high-impact outages. (digit.fyi) Absolute found critical OS patching lag has stretched to an average of 127 days, and roughly 10% of enterprise PCs in the dataset were still running Windows 10 despite end-of-support last October. (digit.fyi) Overall device integrity dropped from 64% in 2025 to 55% in 2026, leaving nearly half of tracked devices without full security controls and increasing exposure to zero-day and ransomware threats. (digit.fyi) Breakdowns by control category show vulnerability management out-of-compliance rising to 24%, EPP/EDR controls at about 23% out of compliance, and Security Service Edge controls moving to 14% noncompliance. (helpnetsecurity.com) Vendor-level performance in the dataset varied widely, with top-tier endpoint management vendors near 99% protected-state integrity while at least one vendor’s rate fell from 64% to 55% year-over-year. (helpnetsecurity.com) The index also notes rapid growth in browser-based AI use—more than 99% of enterprise genAI activity occurs via the web, with ChatGPT accounting for about 78% of that traffic and Google’s Gemini web app rising to roughly 16%—raising visibility and data-exposure concerns. (digit.fyi)