Enterprises shift to software-based pentesting


The latest State of Pentesting report from Pentera reveals that over 50 percent of enterprise CISOs now report using software-based pentesting to support their in-house testing practices.
Based on research conducted by Global Surveyz, the report notes that 50 percent of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.
Among the report's other findings, 67 percent of enterprises have reported a breach in the past 24 months and 76 percent of CISOs report a significant impact following a breach. 36 percent report unplanned downtime, 30 percent cite data exposure, and 28 percent have experienced financial loss.
Pentesting increasingly represents a significant share of security budgets too. US enterprises allocate an average of $187,000 annually to pentesting, accounting for 11 percent of their total IT security budgets, which average $1.77 million.
Interestingly, cyber insurance providers are driving tech adoption: 59 percent of enterprises say they have adopted at least one new security solution they were not previously considering at the request of their cyber insurance provider.
"The pace of change in enterprise environments has made traditional testing methods unsustainable," says Jason Mar-Tang, field CISO at Pentera. "96 percent of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. The report's findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today's environments."
The full State of Pentesting 2025 report is available from the Pentera site.