Organisations take nearly two months to patch critical risk vulnerabilities in their IT systems, said a recent report by cyber security firm Edgescan. The report also found that there are many known vulnerabilities unpatched within these organisations, with over 50% of the vulnerabilities being more than two years old, 17% more than five years old, and 1.5% being over 20 years old.