Relying exclusively on a numerical severity rating such as that provided by a standardized scoring system is not sufficient in all situations. In practice, vulnerability prioritization should incorporate additional factors such as the particular context of the systems involved, the value or sensitivity of the data or services affected, the potential impact on the business, and the existence of real-world exploits. This makes the prioritization process more nuanced and contextual to the specific environment the cybersecurity analyst is protecting.