
Pentera’s State of Pentesting Survey Report 2025

Enterprises are adopting the adversarial perspective and software-based pentesting platforms to identify real risk and prioritize security efforts more effectively

BOSTON, May 8, 2025 – Pentera, the market leader in automated security validation, today announced the release of its fourth annual State of Pentesting survey report. Pentera surveyed 500 CISOs and senior security executives from enterprises with more than 3,000 employees across the United States, Germany, France, and the United Kingdom. The 2025 report offers data-driven analysis on the current state of security validation practices, budget priorities, and the key factors influencing the adoption of proactive risk management strategies.

Unthinkable a decade ago, today over 50% of enterprise CISOs report using software-based pentesting to support their in-house testing practices. Even more notable, 50% of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations. These trends signal a broader shift toward testing approaches that offer greater scale, cover the full attack surface, and enable continuous validation of the enterprise.

Key findings from the report include:

  • 67% of enterprises reported a breach in the past 24 months – 76% of CISOs reported a significant impact following a breach; 36% reported unplanned downtime, 30% cited data exposure, and 28% experienced financial loss.
  • Pentesting represents a significant share of security budgets – U.S. enterprises allocate an average of $187,000 annually to pentesting, accounting for 11% of their total IT security budgets, which average $1.77 million.
  • Cyber insurance providers are driving tech adoption – 59% of enterprises have adopted at least one new security solution they were not previously considering at the request of their cyber insurance provider.

“The pace of change in enterprise environments has made traditional testing methods unsustainable,” said Jason Mar-Tang, Field CISO at Pentera. “96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it’s nearly impossible to keep up. The report’s findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today’s environments.”

The survey was conducted by Global Surveyz, an independent research firm, from December 2024 through January 2025.