Skip to content

Vulnerability management: emerging good practices from ORX Cyber discussions

POSTED BY

Vulnerability management has rapidly become a key cyber risk management area of focus for financial services firms. Recent developments in frontier AI and the continued challenges posed by legacy technology prompted debates on whether current operating models remain fit for purpose.

In June 2026, we hosted focused calls on vulnerability management with ORX Cyber subscribers to explore how firms are managing these evolving challenges. The conversations built on themes heard at the 2026 European Cyber Forum, where participants described vulnerability management as a growing concern and commented that firms are being asked to “solve a 20-year problem in 6 months”. They also followed discussions on Claude Mythos and other frontier AI models as part of the ORX Cyber Working Group, where questions were raised around whether firms are prepared respond to vulnerabilities at “machine speed”.

This blog summarises the key themes from those discussions and provides a round-up of current and emerging good practices across governance, prioritisation, remediation, legacy technology and 2LOD oversight.

true

The full blog is only available to ORX Cyber subscribers

Want to read this blog?

If your firm is an ORX Cyber subscriber, log in or create a website account to read this resource.

Log into the ORX website

Create an account

 

Not an ORX Cyber subscriber? Talk to us today to discuss how you could join the ORX Cyber community.

Speak to an expert

Find out more about ORX Cyber