Bitsight is raising concerns over a potentiality "where the rate of patching tapers off leaving behind a legacy set of systems that remain vulnerable, perhaps unbeknownst to system Operators."
Likewise, Bitsight has also identified BlueKeep risk by industry, finding that the Telecommunications industry has an outsized risk, with over one third of organizations having vulnerable systems. Education follows in section place at just over 5%, followed by Technology, Government, and Utilities.