Why the 14-Day Patching Window Is No Longer Enough, And What UK Businesses Should Do Instead Whoever wrote the Cyber Essentials 14-day patching requirement wrote it for a different threat landscape. In 2018 it made sense. The average time between a vulnerability being disclosed and attackers actively exploiting it was 756 days. Businesses had overContinue reading “Why the 14-Day Patching Window Is No Longer Enough, And What UK Businesses Should Do Instead”