It takes about two days, sometimes less, for attackers to develop exploits that take advantage of a newly-announced vulnerability. It takes an IT department about a week, sometimes more, to deploy software patches required to eradicate that new vulnerability. IT security people are faced with an increasing number of patches to deploy, yet they are hamstrung by a shortage of skills, people, and resources. The time gap between the introduction of an exploit and the deployment of the “cure” is, in at least some cases, getting wider.”]
Source: https://www.darkreading.com/analytics/bridging-the-patch-gap