An analysis of 769 public threat reports published by Stairwell, a provider of file analysis tools, finds they contained 16,104 more undetected variants of malware beyond the 10,262 instances first discovered by legacy cybersecurity tools and platforms.
Company CTO Mike Wiacek said the report confirms suspicions the number of hidden variants of malware slipping past existing cybersecurity tools is much larger than what is currently suspected, with 21 additional variants detected on average per threat report.
The primary reason these variants are not detected in the first place is that legacy tools and platforms require an exact file hash match to identify malware, said Wiacek. As a result, there is a significant false negative problem: cybersecurity teams fail to detect large swaths of malware that might be activated at any given time, he added. For every one variant of malware detected, there are one to two other variants that are not being detected, noted Wiacek. Those blind spots eventually lead to one or more cybersecurity incidents that could have been avoided using file analytic tools that map the full tree of malware variants that may have been installed, he said.
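The false negative described above is easy to reproduce. The following added example (not Stairwell's tooling or the report's own methodology) contrasts exact-hash matching with a crude structural-similarity check: a constructed byte blob stands in for a known malicious file, a variant of it differs only in a version string and a few padding bytes, and a benign text blob serves as a control. Byte n-gram shingles with Jaccard similarity are an assumed, deliberately simple stand-in for the structural features real similarity engines extract; the 0.8 threshold is likewise an assumption for illustration.

```python
import hashlib

# Constructed stand-in for a known malicious file (not a real sample):
# a fake header, a fake section body, and an embedded config string.
KNOWN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"PE\x00\x00"
    + b"section:.text;" + bytes(range(256)) * 4
    + b"c2=example.invalid;ver=1.0"
)

# Constructed variant: same code, bumped version string, eight extra padding bytes.
VARIANT = KNOWN_SAMPLE.replace(b"ver=1.0", b"ver=1.1") + b"\x00" * 8

# Constructed benign control that shares no structure with the sample.
BENIGN = b"This is a plain text file with nothing unusual in it. " * 40


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_match(sample: bytes, known_hashes: set[str]) -> bool:
    """Legacy-style detection: the sample must hash exactly to a known digest."""
    return sha256(sample) in known_hashes


def shingles(data: bytes, n: int = 8) -> set[bytes]:
    """Set of overlapping byte n-grams; a crude stand-in for structural features."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |a & b| / |a | b| in [0, 1]."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity_match(sample: bytes, known_samples: list[bytes],
                     threshold: float = 0.8) -> tuple[bool, float]:
    """Similarity-based detection: flag files structurally close to a known sample.

    Returns (flagged, best_score) so the caller can see how close the match was.
    """
    sample_shingles = shingles(sample)
    best = max((jaccard(sample_shingles, shingles(k)) for k in known_samples),
               default=0.0)
    return best >= threshold, best


if __name__ == "__main__":
    known_hashes = {sha256(KNOWN_SAMPLE)}
    for name, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT), ("benign", BENIGN)):
        flagged, score = similarity_match(blob, [KNOWN_SAMPLE])
        print(f"{name:8s} hash_match={hash_match(blob, known_hashes)!s:5s} "
              f"similarity_match={flagged!s:5s} score={score:.3f}")
```

Running it shows the variant is missed by the hash lookup but scores well above the threshold on similarity, while the benign control scores near zero on both. In practice the feature extraction would be far richer (imports, section layout, control-flow structure), but the shape of the result is the point: a one-byte change defeats an exact hash, not a structural comparison.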
That’s critical because as the cost of creating malware variants in the age of artificial intelligence (AI) continues to drop to near zero, the number of variants that might need to be detected will only continue to increase, noted Wiacek. More challenging still, the rate at which the next generation of cyberattacks can be launched is only going to increase exponentially, he noted.
In summary, the report makes it apparent that tools and platforms that analyze structural and behavioral similarities to identify malware variants are a more effective approach, said Wiacek.
It’s not clear what percentage of cybersecurity incidents involve malware that went undetected but the amount of budget dollars being invested in the hopes of enabling a better outcome only continues to increase. A recent Futurum Group survey finds cybersecurity budgets will increase on average to 11% of the IT budget in 2025. Overall, 80% of respondents work for organizations that experienced at least one significant cyber incident within the past 12 months, with cloud security incidents emerging as the most common (31%) followed by data breaches/exfiltration (28%) and ransomware attacks (26%), the survey finds.
Specifically, organizations are focused on enhancing threat detection capabilities (33%), adoption of quantitative risk assessment methodologies (32%), addressing evolving security needs (28%), improving threat response capabilities (27%), automation and containment of security sprawl (27%), enhancing third-party and supply chain risk monitoring (24%) and improving usability and ease of use (23%).
It may be a while yet before a cybersecurity playing field that is decidedly lopsided might one day be evened out as more cybersecurity teams embrace AI to essentially fight fire with fire. In the meantime, many of them should assume that the amount of malware that has been able to evade cybersecurity tools that rely on static searches of hashes is much larger than most anyone might really want to admit given how much has already been spent trying to detect it.