# Cyber Index #61 - Exploit time down to half a day, Nordic cyber budget data, and automotive vulnerabilities double

> This week's Cyber Index roundup: 7 reports on AI-compressed exploit speed, automotive vulnerabilities doubling, cloud AI security gaps, Nordic CISO budgets, and multi-turn attacks on frontier models.

Source: https://fmcybersecurity.com/en/insights/exposure/cybersecstats-61/
Locale: English
Other locale: https://fmcybersecurity.com/insights/exposure/cybersecstats-61/

## Metadata

- Date: 2026-06-03
- Author: fredrik-standahl
- Topic: exposure
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

A quieter week for research, with only seven new reports, but the data points that surfaced are well worth your time. Three stats that jumped out at us:

**1. Automotive vulnerabilities doubled in 12 months**

265 unique automotive-specific vulnerabilities were identified in Q1 2026, up 102% from the same quarter a year earlier. One report this week even documents a cloud misconfiguration that locked thousands of drivers out of their cars for weeks.

**2. Exploits now ship faster than security updates**

AI-assisted exploit development has compressed the average time from vulnerability disclosure to a working exploit from 125 days in January 2025 to just half a day by April 2026. 62% of critical vulnerabilities with known exploits had working attacks available before scanner detection signatures even shipped.

**3. Organizations can't enforce their AI security plans**

There is a 51-point gap between organizations' intent to secure AI in the cloud and their capability to enforce it. Only 26% say they have the architecture in place to execute their strategy.

## Big Picture Reports

### ISC2 Research: Cybersecurity Professionals Want Leaders Who Have Been Through a Major Incident

No CISO wants to deal with a major security incident, but the upside of having lived through one is that they are far more likely to be seen as an effective leader.

**Incident experience counts:**

- 76% of people working in cybersecurity roles agree that previous leadership experience during a high-profile incident bolsters a leader's credibility.
- 95% mark the ability to communicate risk to senior leadership and boards as very important in a leader.
- 34% are very confident in the current leadership in cybersecurity.

[Read the full report here.](https://www.isc2.org/Insights/2026/05/building-a-resilient-cybersecurity-team-in-2026?ref=cybersecstats.com)

## AI Security

### Proprietary Problems: How Frontier Closed Models Collapse Under Iterative Pressure (Cisco)

New AI models can look secure in a single conversation, but if you keep pushing them with follow-up attacks, many fall apart, and some get dramatically worse with each attempt.

**Multi-turn attacks do more damage:**

- Multi-turn attack success rates range from 7.89% to 88.30% across proprietary flagship models.
- GPT-5.4 moves from 2.74% single-turn to 24.68% multi-turn, a ninefold increase.
- Grok 4.1 Fast in its non-reasoning configuration records a multi-turn attack success rate of 88.30%.

[Read the full report here.](https://blogs.cisco.com/ai/proprietary-problems?ref=cybersecstats.com)

## Vulnerability Management

### The Detection Gap: How Exploits are Outpacing Scanners (Cogent Security)

Time to exploit is basically nothing now.

**Exploits ship before detections:**

- AI-assisted exploit development compressed the average time from disclosure to a working exploit from 125 days in January 2025 to half a day by April 2026.
- 62% of critical vulnerabilities with known exploits had working exploits available before scanner detection signatures were shipped.
- 55.7% of critical CVEs never received any scanner coverage.

[Read the full report here.](https://www.cogent.com/resources/lp-rp-detection-gap-q2-2026?ref=cybersecstats.com)

### Stop Counting CVEs: What Actually Mattered in Q1 2026 (Root Evidence)

The industry publishes tens of thousands of vulnerabilities every year. Almost all of them will never hurt anyone.

**Most CVEs don't matter:**

- Only 1.4% of publicly disclosed vulnerabilities are known to be exploited in real-world attacks.
- 36.5% of known-exploited vulnerabilities have a CVSS score of 9.0 or higher, while 63.5% are rated high, medium, or lower.
- Over 80% of known-exploited vulnerabilities have no Metasploit module.

[Read the full report here.](https://www.businesswire.com/news/home/20260527568617/en/Root-Evidence-Research-Finds-Only-1.4-of-Vulnerabilities-Are-Known-to-Be-Exploited-in-Real-World-Attacks?ref=cybersecstats.com)

## Cloud Security

### 2026 Cloud Security Report: Securing the AI Transformation (Check Point)

Organizations want to secure AI in the cloud. What they are capable of doing in practice is a different story.

**Strategy and capability don't match:**

- Only 26% of organizations report having the architecture to enforce their AI-related cloud security strategy.
- 78% report confirmed or suspected AI-related security incidents over the past year.
- 24% say they have no AI-specific access controls.

[Read the full report here.](https://engage.checkpoint.com/2026-cloud-security-report-securing-the-ai-transformation?ref=cybersecstats.com)

## Industry-Specific

### Global Automotive Cybersecurity Report Q1 2026 (PCA Cyber Security)

The automotive industry had a rough start to the year.

**Vulnerabilities doubled in a year:**

- 265 unique automotive-specific vulnerabilities were identified in Q1 2026, a 102% year-on-year increase versus Q1 2025.
- Competitors at Pwn2Own Automotive 2026 in Tokyo found 76 unique zero-days.
- Ransomware groups exfiltrated nearly one terabyte of data from a major Asian vehicle manufacturer's customer and dealership environment in early January 2026 via a third-party vendor.

[Read the full report here.](https://pcacybersecurity.com/resources/threat_intelligence_quarterly_report?ref=cybersecstats.com)

## Regional Spotlight

### Threat Labs Report: Europe 2026 (Netskope)

Almost every organization in Europe now uses AI, and employees regularly upload regulated data and source code to their personal AI accounts.

**Regulated data is leaking into AI:**

- About 99% of organizations in Europe use AI.
- 59% of data policy violations across AI and personal cloud applications involve regulated data.
- 15% of data policy violations involve source code.

[Read the full report here.](https://www.netskope.com/resources/threat-labs-reports/threat-labs-report-europe-2026?ref=cybersecstats.com)

### Nordic CISO Report 2026 (Truesec)

Some encouraging data on Nordic CISOs and Nordic security budgets.

**Severe incidents dropped sharply:**

- In 2026, only 9% of Nordic CISOs reported an increase in severe cybersecurity incidents, compared to 53% in 2025.
- Cybersecurity budgets among Nordic organizations remain in the 5 to 10% of IT budget range, with an average of around 7%.
- 32% of Nordic CISOs cited identity-related attacks as their primary concern.

[Read the full report here.](https://www.truesec.com/news/new-nordic-ciso-report-from-truesec?ref=cybersecstats.com)

---

For the full documentation index, see https://fmcybersecurity.com/llms.txt
For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt