What is a vulnerability?
A vulnerability is a weakness in software, configuration, process, or behaviour that could be exploited or abused.
Simple example
An outdated website plugin has a known flaw that allows unauthorised access.
Why it matters
Understanding vulnerabilities helps businesses prioritise fixes before attackers use them.
Common warning signs
- The activity is unexpected or unusual for the business context.
- The request or system behaviour creates pressure to act quickly.
- Normal approval, verification, or security processes are bypassed.
- There are signs of unauthorised access, data exposure, or system change.
- Staff are unsure whether the request, message, or system behaviour is legitimate.
Cyber Doc view
This term should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Keep systems updated.
- Run vulnerability checks where appropriate.
- Fix internet-facing weaknesses quickly.
- Document known weaknesses and owners.
- Use secure configuration baselines.
Reactive steps
- Assess whether the vulnerability is exposed or exploited.
- Apply patches or mitigations.
- Review logs for suspicious activity.
- Prioritise systems with sensitive data or internet exposure.
- Retest after remediation.
Related terms
- Patch management
- Attack surface
- Penetration testing