Cybercriminals Have Open Access to Enterprise PCs 76 Days Per Year, According to New Research From Absolute Security

The Absolute Security Resilience Risk Index 2026 paints a stark picture of today’s endpoint landscape. While organizations pour billions into AI‑driven defenses, the data shows that security tools still miss one in five attacks, granting cybercriminals unfettered access to corporate PCs for roughly 76 days annually. This persistent blind spot fuels an estimated $400 billion in downtime losses, a figure that dwarfs many traditional IT budgets and highlights the economic urgency of closing the protection gap.

A key driver of this vulnerability is the widening lag in critical operating‑system patches. The average delay has ballooned to 127 days for Windows 10 and 11, more than double the 56‑day lag reported a year earlier. Coupled with the fact that 10% of enterprise machines remain on end‑of‑life Windows 10, organizations face a perfect storm of unpatched exploits, zero‑day attacks, and ransomware threats. The longer a system stays unpatched, the greater the attack surface, eroding trust in the very infrastructure that powers modern digital operations.

Compounding the risk is the rapid adoption of generative AI tools and AI‑ready hardware. Browser sessions to high‑risk GenAI sites have more than doubled, reaching 350 million, while 96% of PCs now boast 16‑32 GB RAM for AI workloads. Yet, endpoint security continues to falter, leaving sensitive data on 30% of devices unencrypted and 25% of devices unaccounted for. Enterprises must therefore prioritize resilient, AI‑aware security architectures that maintain functionality under attack, enforce strict governance on AI interactions, and accelerate patch management to mitigate the escalating downtime era.