Pentera Pentesting Report Calls for Increased Security Testing

Threat actors are continuing to successfully breach across the entire attack surface and the stakes are getting higher, according to Pentera, a Boston-based security validation vendor which released the results of its third annual State of Pentesting survey. According to that data, 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result.

The survey suggests that enterprises are continuing to prioritize pentesting as part of their security tool kit, accounting for an average of $164,400, nearly 13% of their total IT security budgets. The main drivers and uses for pentesting programs continue to be validating security controls’ efficacy, understanding potential attack impact, and prioritizing security investments. Over 50% of CISOs report that they share the results of pentest assessments with their leadership teams as well as their Boards of Directors, using these reports as a tool to communicate cybersecurity risk both within and outside their organizations.

Yet, security testing is struggling to keep pace with organizational IT change rates: 73% of enterprises report changes to their IT environments at least quarterly, however only 40% report pentesting at the same frequency, according to the report. This underscores a serious frequency gap between the rate at which changes occur within the IT infrastructure and the rate of security validation testing, leaving organizations open to risk for extended periods of time.

Security teams are falling behind the rate of security issues: Over 60% of enterprises report a weekly minimum of 500 security events that require remediation. What’s more, organizations are even more resource constrained than before. In 2023, only 21% of respondents reported a lack of internal resources for remediation as a barrier to pentesting, while this year the number has leaped to 36%.

On average, enterprises already have 53 security solutions in use across their organization, however, despite large security stacks, 51% of enterprises reported a breach over the past 24 months.

“The results of our latest report are indicative of the increasing infrastructure complexity of organizations today and the rising challenges that security teams face along with it. Close to a third of CISOs who cited a breach reported financial loss and data exposure, while 43% reported unplanned downtime as a result of the breach,” said Jason Mar-Tang, Field CISO at Pentera. “Attack surfaces are more dynamic than ever and resources are limited, making it even more critical for organizations to proactively validate their risk exposure with accuracy and pinpoint exploitable gaps across the complete attack surface.”

Pentera surveyed 450 CISOs, CIOs, and IT security leaders at enterprise companies with more than 1,000 employees across the Americas, EMEA, and APAC to compile this report. 

Channel Impact^®
The report provides partners with a snapshot of how security leaders in enterprises across the globe have adopted security validation strategies across their organizations over the past year.