lywand’s recap

Hero Bild für den Artikel lywand’s Rückblick 2021: Die Zahl 2021 ist dargestellt mit dem Cutout Text Effekt.

Hard facts

  • Together with our distribution partner Nuvias, we have convinced 21 IT service providers of the benefits of lywand and gained them as partners.

  • Our partners have renovated the IT infrastructure of 62 companies with lywand.

  • In total, 308 security audits have been performed.

  • The average duration of a security audit was 9.5 hours.

  • We checked companies with very small infrastructures (from one target) up to large organizations (941 targets).

Lywand acquired 21 partners who performed 308 scans in 2021. In sum, the IT security of 62 companies has been renovated. The average scan duration was 9.5 hours, and the largest infrastructure scanned was 941 targets.

Rating of initial scans

According to the American school grading system from A-F

  • Of all the initial scans that were conducted, the average rating is between E and F.

  • A large proportion of companies (around 60 %) received the poor rating of F in the initial security scan.

  • Around 20 % received a rating of C.

  • The second poorest rating, E was obtained by 15% of the companies.

  • None of the companies had either an A or B rating.


Average rating of initial scans: 61% of customers have rating F, 15% rating E, 3% rating D, 21% rating C, 0% rating B, 0% rating A.

Rating of sectors

  • The IT sector performed best, with an average rating of C.

  • Followed by the industry and health sectors, which achieved an average rating of D.

  • The transport sector received a ranking of E.

  • Companies from the trade and tourism sectors had the worst ratings, with an average rating of F.

Average rating of the security situation of different sectors: IT has rating C; Industry and Health rating D; Transport has rating E, Retail and Tourism rating F.

Vulnerability overview

  • The lywand scan cluster currently distinguishes 112,244 different vulnerabilities, which it examines during a security audit of the external IT infrastructure.

  • So far, we have been able to discover more than 6,500 vulnerabilities at our customers' infrastructures.

  • Our partners resolved a total of 986 vulnerabilities with 414 recommended measures.

Lywand is able to detect 112000 vulnerabilities. 6500 vulnerabilities were detected at customers. 986 vulnerabilities have already been resolved by partners.

The most serious vulnerabilities

  1. Insecure or hacked passwords

  2. Security vulnerabilities in outdated CMS systems (Wordpress, Joomla)

  3. Insecure file sharing (ownCloud, QNAP)

  4. Outdated web server software (PHP, jQuery, OpenSSL, Apache)

  5. Outdated operating systems (Windows, Linux)

Most serious vulnerabilities 2021: 1. 	insecure or hacked passwords, 2.	 security vulnerabilities in outdated CMS systems (Wordpress, Joomla), 3.	 insecure file sharing (ownCloud, QNAP), 4.	outdated web server software (PHP, jQuery, OpenSSL, Apache), 5.	outdated operating systems (Windows, Linux)

The most common measures

  1. Improvement of encryption

    We generally recommend using better encryption methods.

  2. Change server configurations

    We recommend small adjustments of server configurations, thereby solving vulnerabilities or making them no longer exploitable.

  3.  Software update

    Outdated software versions were discovered. These should be updated to avoid known vulnerabilities in older versions.

  4. Change of passwords (disclosed/standard)

    Passwords should be changed immediately when they appear in a published data leak. Default passwords should not be used in general, and we recommend the use of a password manager.

  5. Update of operating systems

    Operating systems should be updated; in some cases, operating systems must be completely reinstalled.

Most frequently implemented measures in 2021: 1. improve encryption, 2. change server configuration, 3. update software, 4. change password, 5. update operating system.

Conclusion & outlook

Need for companies to catch up

Based on the results of our clients' first security checks, it is evident that we found security gaps in all cases and that the assessment was generally poor. With the help of our security checks, possible entry points for cyber criminals were discovered in time and, thanks to our partners, many of the security gaps have already been closed. As a result, the risk of (successful) cyberattacks has been significantly reduced

Often the “small” measures that do not incur costs and are easy to implement are the ones that can quickly improve the security level. It is particularly important that security audits take place at regular intervals so that a possible deterioration of the security situation can be detected quickly.

The data from the last six months illustrate that there is still a lot of demand for awareness and room for improvement in the area of IT security – in all sectors. This encourages us to pursue our mission every day. After all, we are working towards a future where security is no privilege, in which even the smallest company can meet the highest cybersecurity standards.


Expansion of partner network & launch of internal scan

We have also set ourselves big goals in 2022. We want to steadily expand our partner network in the DACH region and in the EMEA region in order to give as many companies as possible an easy entry to IT security. 

In addition, our security audit platform will be enlarged with the internal scan. Soon, our partners will be able to conduct an audit of their customers' internal IT infrastructure in addition to the external audit. (More to come in Q2.)


Are you pursuing the same mission as we are and would like to offer your customers a better security? In that case, become part of our partner network!

Your company also wants affordable, automated security checks for more visibility? Click the button to find a partner who renovates your IT security!

Teresa Leonhartsberger

January 31, 2022



Might be also interesting


Recap 2023

In this article, we look back on the past year and have summarised the most important things for you: newly developed features, updates on our partner network and technical insights into the security audit platform. Finally, you will find a summary of our management and an outlook for 2024.

January 24, 2024
Vertriebspartnerschaft mit Nestec

Press announcement

Partnership with Nestec

Our security audit platform is now available to IT service providers in Austria, South Tyrol and the Eastern European region via our new distribution partner Nestec. You can find all information about the new distribution partnership in our press release.

January 8, 2024
Product launch of Auto Healing

Press announcement

Auto Healing

Our new feature "Auto Healing" allows you to automatically fix up to 80% of your customers' internal vulnerabilities.

December 4, 2023