Microsoft vulnerability volume reaches new peak
Disclosed software flaws across Microsoft platforms are on the rise, new reporting shows.
BeyondTrust’s latest Microsoft Vulnerabilities Report and the Allianz Risk Barometer have revealed a landscape shaped by escalating software weaknesses and increasing dependency on technology-driven infrastructure.
For the fourth consecutive year, cyber events ― including ransomware, system outages, and data breaches ― ranked highest among business risks in Allianz Commercial’s global survey.
Thirty-eight per cent of respondents named cyber threats as their top concern, reflecting growing apprehension around the consequences of digital disruptions.
The findings align with BeyondTrust’s 12th annual report, which showed that 2024 marked a record year for Microsoft software vulnerabilities.
The company reported 1,360 disclosed flaws across Microsoft platforms, up from the previous peak of 1,292 set in 2022 (a rise of 68, or about 5 per cent; the 11 per cent figure quoted with these totals does not follow from them).
The report aggregated data from Microsoft’s publicly released security advisories, analysing risks across systems such as Windows, Azure, and Dynamics 365.
Vulnerabilities tied to privilege escalation (Microsoft's Elevation of Privilege category) comprised the largest share, accounting for 40 per cent of the total. Security Feature Bypass vulnerabilities rose sharply, by 60 per cent, to 90 reported last year.
While critical vulnerabilities declined overall, analysts warn that the expanding scale of reported flaws requires heightened vigilance from enterprise security teams.
James Maude, field chief technology officer at BeyondTrust, pointed to the continuing appeal of privileged access as a target for attackers.
“Data offers a clear reminder that the threat landscape isn’t slowing down ― it’s rapidly evolving,” he said. “The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers and why they will continue to target identities with privileges to move laterally and gain access to critical systems.”
Windows operating systems saw a combined total of more than 1,270 reported vulnerabilities in 2024, including 76 categorised as critical.
Office application vulnerabilities nearly doubled year-over-year, and Microsoft Edge saw a 17 per cent increase, with nine critical flaws identified. In contrast, issues in Azure and Dynamics 365 appeared to level off.
Despite a decrease in the number of severe flaws, the total volume of vulnerabilities suggested ongoing pressure on IT resources and patching capabilities.
The report recommended adopting a multilayered defence strategy, combining access controls with real-time detection, to protect against identity-driven and zero-day attacks.
For commercial insurers and brokers, the increasing frequency of such threats has implications for policy design, underwriting models, and client risk advisory. Insurers may need to adjust cyber coverage frameworks to account for exposures related to system architecture and identity-based risks.
The two reports aligned on several forward-looking assessments:
• Systems left unpatched remain at significant risk
• Cloud services and AI technologies are contributing to broader attack surfaces
• Threat actors are increasingly targeting digital identities
• Least-privilege enforcement and layered defence remain core risk mitigation strategies
As digital ecosystems grow more interconnected, risk professionals are being called on to adapt their practices to meet the complexity and velocity of threats.