Cyber: CTEM Divide: Why 84% Of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point higher solution adoption, and superior threat awareness across every measured dimension. The 16% who've implemented it are pulling away. The 84% who haven't are falling behind.

The research surveyed a senior cohort: 85% of respondents are Manager-level or above, representing organizations where 66% employ 5,000+ people across finance, healthcare, and retail sectors.

If you aren’t familiar, CTEM involves shifting from "patch everything reactively" to "continuously discover, validate, and prioritize risk exposures that can actually hurt the business." It's widely discussed in cybersecurity now as a next-generation evolution of exposure/risk management, and the new report reinforces Gartner’s view that businesses adopting it will consistently demonstrate stronger security outcomes than those that don’t.

One surprising finding: There doesn’t seem to be a problem with awareness, just implementation. 87% of security leaders recognize the importance of CTEM, but only 16% have translated that awareness into operational reality. So, if they've heard of it, why aren't they using it?

The gap between awareness and implementation reveals modern security's central dilemma: which priority wins? Security leaders understand CTEM conceptually but struggle to sell its benefits in the face of organizational inertia, competing priorities, and budget constraints that force impossible tradeoffs. The challenge of gaining management buy-in is one reason why we prepared this report: to provide the statistics that make the business case impossible to ignore.

For example: Beyond a certain threshold, manual tracking of all the additional integrations, scripts, and dependencies breaks down, ownership blurs, and blind spots multiply. The research makes it clear that attack surface complexity is not just a management challenge; it's a direct risk multiplier.

We can see this clearly in the graph below. Attack rates rise linearly from 5% (0-10 domains) to 18% (51-100 domains), then rise steeply past 100 domains.

This sudden increase is driven by the ‘visibility gap’, the gulf between the asse

Source: The Hacker News