Hundreds of millions of known vulnerabilities and exploits exist on endpoints, in the OS, apps, browsers, BIOS, firmware, etc., with more announced every week. Vulnerability assessment and patching tools attempt to stay on top of these, but constantly updating systems and keeping them up to date is a significant undertaking.
Patching often causes performance or usability issues, stops critical apps from working, and sometimes causes system crashes/BSODs. Updates often require restarts and end-user downtime, impacting productivity and employee satisfaction. IT leaders are constantly balancing risk, user experience, and overhead to manage updates. They ultimately choose which updates to roll out and how long after disclosure to roll them out, leaving many PCs with known vulnerabilities and exposed to attack and data theft. This leaves them at risk of being out of compliance, fines, IP loss, negative brand perception, paying ransoms, etc.
And all of this applies only to the vulnerabilities we know about, not the unknown ones.
NGAV and whitelisting don't detect these non-malware attacks because they use known-good software certified by the vendor. EDR often doesn't detect the nefarious activity, or requires a security specialist to investigate, but organizations are understaffed and can't keep up with the investigations.
With more and more users working from home and syncing their organization's entire cloud repository locally to their PC, the risk of loss is tremendous.