One in four devices analyzed had critical security controls ‘ such as encryption, antivirus, or VPN ‘ considered to be unhealthy, or not working effectively, at any given time. 73% of enterprise devices analyzed contained sensitive data, such as Protected Health Information (PHI) or Personally Identifiable Information (PII) The average number of security controls has increased to more than 11 per enterprise device, with the majority of devices containing multiple controls with the same function. The average Windows 10 enterprise device was found to be 80 days behind in applying the latest available OS patches.
Source: https://www.helpnetsecurity.com/2021/06/01/endpoint-complexities/