Penetration testing trends are more critical than ever. In the past 24 months, over 88% of organizations have been breached. Nearly nine out of ten companies were hacked, despite using an average of 44 security tools to protect their IT environments. This alarming statistic highlights the urgent need for effective penetration testing strategies to address modern threats.
Global changes—ranging from the economic slowdown to a growing awareness of cyber risks—are influencing how organizations approach penetration testing and security validation. Emerging practices, such as incorporating cyber insurance and leveraging automation, are reshaping the cybersecurity landscape.
The way enterprises handle such security threats is impacted by global trends, from the economic slowdown to the growing awareness of cyber risks and threats. Additional trends, like the emergence of satellite security practices such as cyber insurance, are also influencing security strategies.
So how are these global trends impacting penetration testing practices? We explore the answers in our latest State of Penetration Testing 2023 Report, conducted in collaboration with Global Surveyz Research. This comprehensive survey of 300 security executives from the US, UK, and Western Europe provides an overarching picture of penetration testing trends today.
Our key findings include:
To read the complete report with all the details, click here.
Let’s take a closer look at these findings.
Despite the economic slowdown caused by global supply chain shortages and geopolitical conflicts, organizations cannot afford to be complacent about cybersecurity. A Check Point Research report found that cyberattacks rose by 38% in 2022 compared to the previous year, with an average of 1,168 weekly attacks per organization.
Our findings align with this trend: over the past two years, 88% of organizations reported being compromised by a cyber incident. However, there is some optimism. According to our report:
92% of organizations are increasing their IT security budgets.
86% are raising their penetration testing budgets.
Approximately a third of respondents plan to increase budgets by over 10%.
It seems that the issue of security is taken seriously and that the value CISOs and security experts are bringing to the table is recognized and appreciated.
Not too long ago, if you asked a security executive for the top reason for conducting pentesting, they’d tell you it was meeting regulatory compliance. Checking the boxes was common practice among many CISOs. Today, however, we’re seeing an evolution from regulatory-driven to security-driven practices. Our report finds that the top motivators for pentesting according to security executives are:
This shift in drivers and triggers for pentesting is a clear sign of the growing maturation within the cybersecurity industry and the growing understanding of the value the adversarial perspective brings. One of the most impactful penetration testing trends is using these assessments to mitigate risks like credential exposure. Organizations embracing ethical hacking practices are increasingly prioritizing this focus to enhance their security postures.
Another interesting trend is the emergence of cyber insurance as a pentesting driver. In our 2020 survey, only 2% of respondents mentioned cyber insurance as a decision-making factor for pentesting, and that number has jumped to 36% today. This correlates to what we’ve seen with our customers, who are more conscious of cyber insurance requirements than ever before.
Security executives are particularly concerned about risks to business continuity. Frequent software updates require equally frequent penetration testing to ensure coverage and relevance. However, barriers such as limited manual pentesters and concerns about disrupting business applications prevent many organizations from increasing testing frequency.
With the continual updates in software and applications, pentesting should also take place frequently to ensure coverage and relevance. Yet, 45% of respondents who conduct pentesting are alarmed by the potential risk to business applications or network availability when pentesting. This prevents them from increasing their pentesting frequency. Another barrier to increasing pentesting rates is the lack of manual pentesters.
Automation addresses these challenges by enabling continuous testing without over-reliance on manual efforts. It also strengthens defenses against advanced threats like Living Off the Land Binaries and Scripts (LOLBAS), as highlighted in the Verizon 2024 DBIR.
Despite the growing need for penetration testing, many organizations are still falling short. According to our survey:
15% of organizations run automated pentesting.
39% conduct manual tests in-house.
42% rely on third-party services.
18% don’t run penetration tests at all.
Pentesting automation can bridge these gaps, enabling organizations to conduct frequent and efficient tests. Continuous pentesting reduces dependency on manual testers, avoids business disruption, and supports a proactive security posture.
Promisingly, 96% of security executives expect to have in-house Red Teams by the end of 2023. These teams can further enhance the scope and velocity of penetration testing initiatives.
Defense-in-depth remains a widely adopted strategy, with 92% of organizations relying on this layered approach. However, the prevalence of cyberattacks suggests that current implementations are falling short. For example:
Most organizations conduct penetration tests only once a quarter or less frequently.
Half of organizations run tests only once or twice a year.
These testing schedules are insufficient to address evolving threats. This means that most organizations are not testing their defenses enough to know whether their security strategies are effective. Organizations must integrate penetration testing trends like automation and ethical hacking into their strategies to stay ahead.
That is why we created this report: so you can learn how other companies are dealing with these issues and how you can adjust your own security strategies to modern digital needs.
Our State of Pentesting 2023 Report offers insights into how organizations are navigating modern cybersecurity challenges. By adopting continuous pentesting, automating processes, and focusing on actionable insights, businesses can strengthen their security posture and align with current penetration testing trends.
Read the full report here to learn how to transform your security strategy for the digital age.