“We already knew that we were vulnerable, the CISO has already planned a deployment of patches in 2025.”