As we’re increasingly seeing in our interconnected, technological world, cybersecurity is an ever-growing imperative for companies around the globe. Action1, innovators in cloud-based cybersecurity solutions, has taken a stand against the urgent issue of outdated patching policies. With its advanced patching and automation features, Action1 empowers organizations to strengthen their resilience and ensure compliance against a backdrop of increasingly sophisticated cyber threats.
The need for patch management lifecycle modernization is further illustrated by shocking statistics. The window of opportunity which existed between disclosure and exploitation has virtually disappeared and is now often mere days or even hours. Unfortunately, many organizations are still bragging that they’re able to patch in weeks or months. This practice opens them up to future breaches — breaches which may end up costing millions in damages. Gene Moody, the Field CTO of Action1, engages with industry leaders and clients globally to advocate for a shift toward continuous vulnerability remediation.
The Need for Continuous Patching
The cybersecurity landscape is changing more quickly than ever before. As organizations continue to be overwhelmed by a growing number of cyberattacks, the old methods of patch management don’t hold up against today’s challenges. Action1 is a direct response to the challenge posed by legacy patching policies that have often failed to protect systems from exposure to known vulnerabilities.
We all know that most organizations are working with a monthly or bi-weekly cadence on patches. This makes them susceptible during the critical first week post-vulnerability disclosure. As we found in our 2025 Software Vulnerability Ratings Report, vulnerabilities with patches more than 30 days old were successfully exploited in 61% of cases in 2024. This widespread increase underscores the need for proactive patching and timely updates.
Gene Moody highlighted the gravity of the situation, stating, “Every day of delay in patching raises the likelihood of attackers exploiting an unpatched vulnerability.” This claim shines a new light on the need for all organizations to take a more proactive and holistic approach to vulnerability management.
Action1’s Innovative Solutions
Action1’s platform offers on-going, automated, policy-based remediation that takes most of the patching work off the plate of organizations big and small. Action1 gives users the ability to speak policy, by creating automated workflows that deliver policy intent. This change improves the ability of firms to maintain positive cybersecurity practices.
Automation, a key focus of the platform’s core features beyond patching, increases efficiency throughout the workflow. Such automation is needed in an era where accelerating pace of change includes the evolution of cyber threats.
Moody advocates for a shift in mindset among organizations: “What do we do now? What more could we be doing, and why are we not doing it?” He challenges companies to reconsider how they operate today. By implementing smarter solutions such as Action1, city leaders will be better positioned to respond with more agile and effective vulnerability management.
The Cost of Inaction
The financial effects of these poor patching practices are enormous. One breach can lead to tens of millions in losses. They erode your bottom line today and erode your good name forever. If cyber threats are going to persist and get worse, then organizations need to internalize that “insurance is not the answer.”
Too many companies continue to treat vulnerability management as a checkbox compliance exercise rather than the deep, continuous cybersecurity strategy it should be. By failing to make prompt patching and remediation a priority, they put themselves at avoidable risk.
As the Action1 data accordingly shows, exploited vulnerabilities almost doubled in 2024 relative to last year. This trend highlights an urgent need for organizations to reassess their risk management strategies and adopt practices that mitigate vulnerabilities effectively.
Advocating for Change
Gene Moody emphasizes the importance of engaging with industry leaders and customers worldwide to promote the modernization of patch management. His advocacy highlights the need to shift organizations’ cybersecurity burdens from passively accepting risk to proactively protecting against a rapidly evolving landscape.
Action1 develops campaigns to inform stakeholders about the value of quick or better patching and/or vulnerability remediation. In doing so, they provide authorities with the opportunity to support organizations in creating greater resilience and maintaining compliance.
Moody summarizes this sentiment succinctly: “If it cannot be patched, it must be redundant.” Organizations need to take an active approach to the management of assets. Yet they must take steps to make sure that any system that cannot be consistently, regularly updated no longer presents a risk.