New industry survey conducted by Pentera finds that 88% of organizations report a breach incident in the past 2 years

Boston and Tel Aviv, February 28, 2023Pentera, the leader in automated security validation, released the findings of its second annual industry survey: The State of Pentesting 2023. Pentera undertook this research to understand the current state of security validation practices and investment in enterprises.

Pentera surveyed 300 CIOs, CISOs, and security executives from enterprises across Europe and the USA. The report provides insights on current IT and security budgets, cyber security validation practices, and how cyber exposure is being managed, while showcasing differences between the regions and enterprise sizes.  

Report highlights include:

  • Despite large investments in Defense-in-Depth strategies, 88% of organizations report recent attacks – On average, companies have almost 44 security solutions in place, indicating a defense-in- depth strategy, where multiple security solutions are layered to best protect critical assets. However, despite the large number of security solutions implemented, 88% of organizations admit to being compromised by a cyber incident over the past two years. 
  • Cybersecurity budgets aren’t impacted by the financial slowdown – Despite the recent global economic slowdown, cybersecurity budgets are not expected to be impacted in 2023. 92% of organizations report a raise in their IT security budgets, and 85% report a raise in their pentesting budget specifically. 
  • The drivers for pentesting have evolved beyond regulations – While the need for pentesting originated with regulatory requirements, the top-of-mind motivations for pentesting today are security validation, potential damage assessment, and cyber insurance. With only 22% of respondents citing compliance as their primary motivation for the practice, regulatory or executive mandates are still impactful, but not the primary rationale driving pentesting.   

“We’re seeing more organizations increase the cadence of pentesting, but what we really need to achieve is continuous validation across the entire organization,” said Aviv Cohen, CMO of Pentera. “Annual pentesting assessments leave security teams in the dark most of the year regarding their security posture. Security teams need up-to-date information about their exposure using automated solutions for their security validation.”

The results of the report will be presented by Aviv Cohen at Pentera’s XPOSURE Summit on March 1, 2023. The summit focuses on actionable methodologies for developing and executing successful Exposure Management strategies. Register online here.