Pulse Check: CVE and Remote Desktop Trends for March to June 2026
- J. Foster Davis
- Jun 25
- 4 min read
Our latest observations from March 15 to June 15, 2026, highlight two important areas: remote desktop access from the public Internet and the presence of exploitable critical vulnerabilities. Here's the hacker’s perspective on these attack pathways, and implications to cyber insurance underwriting and claims management.

Observations
The data includes a non-scientific sample of over 1,000 current or prospective policyholders. BreachRisk™ a.i. automatically gathered the data using ethical passive hacker tradecraft, which was then processed through The Cyber Questionnaire Validator. Not all companies were assessed at each time period, monthly samples were determined as a result of pseudo-randomized selection with other factors used by BreachRisk™ a.i. when collecting underwriting measurements.

Fewer critical CVEs were available to attackers on the public Internet, likely due to patching and security control practices.
Fewer remote desktop pathways exposed to attackers were observed in May and June, compared to March and April.

The Cyber Questionnaire Validator™ question text | Evidence:March"yes" | Evidence:April"yes" | Evidence:May"yes" | Evidence:June"yes" |
Does the Applicant have any known exploitable Critical Common Vulnerabilities and Exposures (Critical CVEs) that could provide an attacker with unauthorized access to their data? | 6.45% | 4.14%, | 0.75% | 0.31% |
Does the Applicant allow Remote Desktop Protocol (RDP), Virtual Network Computing (VNC) or other remote desktop connectivity to their environment(s) from the public Internet? | 6.45% | 2.07% | 0.00% | 0.00% |
Direct measurements by BreachRisk™ a.i. and The Cyber Questionnaire Validator™ cover approximately 15 March 2026 - 15 June 2026. n>1000, multiple regions, multiple lines, non-scientific sample. | ||||
Trends in Critical CVEs Among Applicants
The first question highlighted focuses on whether applicants have any known exploitable critical Common Vulnerabilities and Exposures (CVEs) that could allow unauthorized access. The data shows a steady decline but not complete elimination:
March 2026: 6.45% had verified, critical CVEs
April 2026: 4.15%
May 2026: 0.75%
June 2026: 0.31%
This indicates progress in patch management but also highlights that some companies still face serious vulnerabilities. Keep in mind that this does not include theoretical CVEs or those that appear to be protected. BreachRisk™ a.i. only reports on verified threats with viable pathways, tools, and techniques that can actually allow attackers to exploit the threat.

Why Attackers Exploit Critical CVEs
Critical CVEs represent known security flaws that attackers can exploit to gain unauthorized access, often without needing credentials. Attackers use these vulnerabilities to:
Execute remote code
Bypass authentication
Escalate privileges
Exploiting CVEs is often faster and less noisy than brute forcing remote desktop access.
Insurance Carrier Perspective on CVEs
Critical vulnerabilities increase the risk of successful cyberattacks that lead to costly claims. Insurance carriers worry about:
Large-scale data breaches
Regulatory penalties for failing to patch known vulnerabilities
Increased claim severity due to attacker persistence
Tracking CVEs helps carriers identify applicants with weak security hygiene.
Underwriting Advantages of Standardized CVE Data
Automated, standardized answers about critical CVEs provide underwriters with:
Objective evidence of patching effectiveness
Early warning signs of potential risk exposure
Data to support risk-based pricing and coverage decisions
This improves underwriting accuracy and helps carriers manage portfolio risk.
Remote Desktop Access Trends and Their Risks
Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and similar remote desktop tools provide convenient access for IT teams. However, when these services are exposed to the public Internet, they become prime targets for attackers. The data shows a sharp decline in applicants allowing remote desktop access from the public Internet:
March 2026: 6.45% of applicant companies were found to have remote desktop access exposed to the public Internet
April 2026: 2.07%
May 2026: 0%
June 2026: 0%
This trend could suggest companies are increasingly aware of the risks and are closing these open doors, but further observation is needed to determine if these observations are outliers.
Why Hackers Target Remote Desktop Access
Attackers favor remote desktop services exposed to the Internet because they offer a direct entry point into corporate networks. Common attack methods include:
Brute force attacks to guess weak passwords
Exploiting unpatched vulnerabilities in RDP or VNC software
Using stolen credentials from phishing or data breaches
Once inside, attackers can move laterally, escalate privileges, and access sensitive data or deploy ransomware, usually without being caught by sercurity measures.
Insurance Carrier Concerns
From an insurance perspective, remote desktop exposure increases the likelihood of a breach claim. Claims often involve:
Data theft or destruction
Business interruption due to ransomware
Costs related to incident response and regulatory fines
Carriers see remote desktop exposure as a clear risk factor that can drive up loss frequency and severity.
Underwriting Benefits of Automated Answers
Underwriters benefit from having this question answered automatically and consistently across applicants. It provides:
Reliable evidence of risk posture without relying on self-reporting
Faster risk assessment and pricing decisions
Ability to track trends over time and adjust underwriting guidelines
Standardized data reduces guesswork and supports more accurate risk selection.
What These Trends Mean for Cyber Insurance Stakeholders
The decline in remote desktop exposure and critical CVEs witnessed during this observation period among applicants is a positive sign. It may reflects growing awareness and improved security practices, though further observations are needed. For cyber insurance carriers and brokers, these trends help:
Identify safer applicants and reward them with better terms
Focus risk management efforts on applicants with remaining vulnerabilities
Use data-driven evidence to support underwriting decisions
For companies seeking insurance, the message is clear: closing remote desktop access and patching critical vulnerabilities reduces risk and improves insurability.
Final Thoughts on Using Data to Drive Cyber Insurance Decisions
The last 90 days show encouraging progress in reducing two common attack pathways. Remote desktop access from the public Internet dropped to zero, and critical CVEs declined sharply. These improvements lower the risk of cyber incidents and claims.
Automating the collection and validation of these answers provides clear evidence for underwriters and insurers. It supports faster, more accurate underwriting and helps carriers manage risk portfolios effectively. As cyber threats evolve, continuing to track these trends will remain essential for all stakeholders.
Cyber insurance carriers, brokers, and applicants should prioritize closing these attack paths. Doing so not only strengthens security but also improves insurance outcomes. Follow BreachBits on LinkedIn for more Pulse Check insights: insurance observations from the hacker's perspective.
