

The State of Pentesting survey report from Pentera collected responses from 500 senior security executives and CISOs employed in companies with more than 3,000 workers, gaining insights into current budget priorities, security validation practices, and proactive risk management strategy adoption.
According to the report, more than 50% of CISOs deploy software-based pentesting to bolster in-house testing practices. Furthermore, 50% consider software-based testing to be the predominant method for discovering exploitable security vulnerabilities within their organizations. These trends indicate a shift toward testing approaches that provide larger scale, span the entire attack surface, and allow continuous validation of the organization.
Key findings from the survey include:
- 67% of organizations experienced a breach in the past 24 months.
- 76% of CISOs reported a significant impact following a breach, such as unplanned downtime (36%), data exposure (30%), and financial loss (28%).
- At the request of a cyber insurance provider, 59% of organizations implemented at least one new security solution they hadn’t considered before.
Moreover, the report found that pentesting receives a significant portion of security budgets. In the United States, enterprises dedicate an average of $187,000 per year to pentesting. This accounts for 11% of the total IT security budget.