The security ecosystem is focused on how fast security researchers can get mitigation to the end system, not on thwarting the threats themselves. It takes an average of four months to detect and mitigate security exposures: Malware is identified in the wild, analyzed to determine if it is a variant of an existing exploit, or a brand-new exposure. A new signature is made available for clients to download and implement, at which point, the malware is finally blocked. By this time, the bad actor has either evolved the exposure, or found a new one to exploit. And the cycle starts all over again.”]
Source: https://www.csoonline.com/article/3216629/a-security-call-to-arms.html