Why penetration testing must evolve – and how Old Mutual got it right

In today’s fast-moving threat landscape, the real risk is not just being attacked – it’s not knowing where you are exposed.

Too many organisations still rely on outdated penetration testing models – annual, slow and reactive. These legacy approaches cannot keep pace with today’s AI-driven threats, continuous code deployments or increasingly stringent regulatory demands. For CISOs and IT leaders, this creates a dangerous gap between what needs to be secured and what actually is.

Take Old Mutual, one of Africa’s leading financial services providers. It was facing challenges familiar to many enterprises:

• Long lead times between test requests and results.
• A growing technology footprint with multiple release cycles.
• Decreasing capacity for continuous testing in fast-paced DevOps environments.

The result? Security testing became a bottleneck instead of a business enabler.

That changed when Old Mutual partnered with Wolfpack Information Risk and Synack to implement penetration testing as a service (PTaaS) – a model designed to meet the demands of 2025.

Instead of waiting weeks for a static PDF report, Old Mutual now benefits from:

• 24/7 access to over 1 000 vetted security researchers.
• Real-time reporting and remediation validation.
• Executive dashboards showing key metrics like MTTR (mean time to remediation), exploitability scores and attacker resistance scores.
• Closed-loop workflows that accelerate remediation and reduce repeat issues.

“Penetration testing needs to shift from being a checkbox exercise to a continuous resilience enabler,” says Craig Rosewarne, Managing Director of Wolfpack Information Risk. “CISOs need speed, visibility and outcomes they can act on – especially with AI-powered threats and regulatory pressure intensifying. This is exactly why Old Mutual’s story matters right now.”

On 21 August 2025, Wolfpack will host the first session of its “From Reactive to Resilient” webinar series, where attendees will gain an inside look at Old Mutual’s journey, the challenges they overcame and a live demo of PTaaS in action.

If you are a CISO, IT leader or compliance professional grappling with slow testing cycles, a lack of visibility or growing third-party risk – this session is for you.

Reserve your seat here.