lywand’s recap

End of May 2021 we launched our platform for the very first time. What has happened since then? We take a look back at the most common security vulnerabilities and most effective measures in 2021.

Hard facts

  • Together with our distribution partner Nuvias, we have convinced 21 IT service providers of the benefits of lywand and gained them as partners.

  • Our partners have renovated the IT infrastructure of 62 companies with lywand.

  • In total, 308 security audits have been performed.

  • The average duration of a security audit was 9.5 hours.

  • We checked companies with very small infrastructures (from one target) up to large organizations (941 targets).

Lywand acquired 21 partners who performed 308 scans in 2021. In sum, the IT security of 62 companies has been renovated. The average scan duration was 9.5 hours, and the largest infrastructure scanned was 941 targets.

Rating of initial scans

According to the American school grading system from A-F

  • Of all the initial scans that were conducted, the average rating is between E and F.

  • A large proportion of companies (around 60 %) received the poor rating of F in the initial security scan.

  • Around 20 % received a rating of C.

  • The second poorest rating, E was obtained by 15% of the companies.

  • None of the companies had either an A or B rating.


Average rating of initial scans: 61% of customers have rating F, 15% rating E, 3% rating D, 21% rating C, 0% rating B, 0% rating A.

Rating of sectors

  • The IT sector performed best, with an average rating of C.

  • Followed by the industry and health sectors, which achieved an average rating of D.

  • The transport sector received a ranking of E.

  • Companies from the trade and tourism sectors had the worst ratings, with an average rating of F.

Average rating of the security situation of different sectors: IT has rating C; Industry and Health rating D; Transport has rating E, Retail and Tourism rating F.

Vulnerability overview

  • The lywand scan cluster currently distinguishes 112,244 different vulnerabilities, which it examines during a security audit of the external IT infrastructure.

  • So far, we have been able to discover more than 6,500 vulnerabilities at our customers' infrastructures.

  • Our partners resolved a total of 986 vulnerabilities with 414 recommended measures.

Lywand is able to detect 112000 vulnerabilities. 6500 vulnerabilities were detected at customers. 986 vulnerabilities have already been resolved by partners.

The most serious vulnerabilities

  1. Insecure or hacked passwords

  2. Security vulnerabilities in outdated CMS systems (Wordpress, Joomla)

  3. Insecure file sharing (ownCloud, QNAP)

  4. Outdated web server software (PHP, jQuery, OpenSSL, Apache)

  5. Outdated operating systems (Windows, Linux)

Most serious vulnerabilities 2021: 1. 	insecure or hacked passwords, 2.	 security vulnerabilities in outdated CMS systems (Wordpress, Joomla), 3.	 insecure file sharing (ownCloud, QNAP), 4.	outdated web server software (PHP, jQuery, OpenSSL, Apache), 5.	outdated operating systems (Windows, Linux)

The most common measures

  1. Improvement of encryption

    We generally recommend using better encryption methods.

  2. Change server configurations

    We recommend small adjustments of server configurations, thereby solving vulnerabilities or making them no longer exploitable.

  3.  Software update

    Outdated software versions were discovered. These should be updated to avoid known vulnerabilities in older versions.

  4. Change of passwords (disclosed/standard)

    Passwords should be changed immediately when they appear in a published data leak. Default passwords should not be used in general, and we recommend the use of a password manager.

  5. Update of operating systems

    Operating systems should be updated; in some cases, operating systems must be completely reinstalled.

Most frequently implemented measures in 2021: 1. improve encryption, 2. change server configuration, 3. update software, 4. change password, 5. update operating system.

Conclusion & outlook

Need for companies to catch up

Based on the results of our clients' first security checks, it is evident that we found security gaps in all cases and that the assessment was generally poor. With the help of our security checks, possible entry points for cyber criminals were discovered in time and, thanks to our partners, many of the security gaps have already been closed. As a result, the risk of (successful) cyberattacks has been significantly reduced

Often the “small” measures that do not incur costs and are easy to implement are the ones that can quickly improve the security level. It is particularly important that security audits take place at regular intervals so that a possible deterioration of the security situation can be detected quickly.

The data from the last six months illustrate that there is still a lot of demand for awareness and room for improvement in the area of IT security – in all sectors. This encourages us to pursue our mission every day. After all, we are working towards a future where security is no privilege, in which even the smallest company can meet the highest cybersecurity standards.


Expansion of partner network & launch of internal scan

We have also set ourselves big goals in 2022. We want to steadily expand our partner network in the DACH region and in the EMEA region in order to give as many companies as possible an easy entry to IT security. 

In addition, our security audit platform will be enlarged with the internal scan. Soon, our partners will be able to conduct an audit of their customers' internal IT infrastructure in addition to the external audit. (More to come in Q2.)


Are you pursuing the same mission as we are and would like to offer your customers a better security? In that case, become part of our partner network!

Your company also wants affordable, automated security checks for more visibility? Click the button to find a partner who renovates your IT security!

Teresa Leonhartsberger

January 31, 2022



Might be also interesting


From IT service provider to MSP: Why lywand is the ideal solution

This article highlights the differences between the traditional IT service model and the Managed Service Provider (MSP) approach. It explains the advantages of the MSP approach and how the transition from a traditional IT service provider to an MSP can be successfully managed.

July 15, 2024

Press announcement

SYNAXON AG and Lywand Software GmbH announce new collaboration

SYNAXON is expanding its own managed services portfolio with a cyber security platform based on the proven technology of Lywand Software GmbH.

June 20, 2024


Why Independent Security Audits are Essential

In this article, we highlight the benefits of independent security audits and their ability to provide comprehensive assessments - a cornerstone of an effective cybersecurity strategy.

June 7, 2024