Survey shows enterprises shift towards software-driven pentesting

Yesterday

Pentera's latest State of Pentesting report highlights a move among enterprises towards software-based penetration testing and examines cybersecurity trends among organisations with more than 3,000 employees in the United States, Germany, France, and the United Kingdom.

The report is based on a survey of 500 Chief Information Security Officers (CISOs) and senior security executives and provides insight into security validation practices, budget allocation, and factors affecting the adoption of proactive risk management strategies.

The data reveals that over 50% of CISOs now use software-based pentesting to supplement their in-house security testing, a practice which was not common a decade ago. The same percentage of CISOs now designate software-based pentesting as their primary means of discovering exploitable weaknesses in their organisations' IT environments.

This shift appears to be a response to the scale and complexity of modern enterprise IT environments, which require more extensive coverage of attack surfaces and continuous validation efforts to address persistent vulnerabilities.

According to the survey, 67% of US enterprises have experienced a security breach within the past 24 months, despite the deployment of an average of 75 security tools across their environments and an increase in security stack size for 45% of organisations over the past year. Of those experiencing breaches, 76% reported significant consequences: 36% faced unplanned downtime, 30% saw data exposure, and 28% reported financial losses.

A larger selection of security tools does not always equate to improved outcomes. The report notes the difficulties posed by operational complexity: organisations managing 11 to 50 security devices generate an average of 883 alerts each week, while those with 76 to 100 tools receive 2,048 alerts, and some enterprises juggling over 101 tools deal with 3,074 weekly alerts. This volume can complicate the prioritisation and response to critical threats.

On average, US enterprises spend USD $187,000 per year on pentesting, approximately 10.5% to 11% of a total IT security budget that averages USD $1.77 million per organisation. More than half of surveyed CISOs stated they plan to increase their pentesting budgets in the coming year, and nearly half intend to raise their total IT security budgets as well.

Use of software-based pentesting platforms is becoming more widespread, with 55% of organisations deploying such tools to support internal security assessments. Half the CISOs polled now see software-driven testing as essential for uncovering their most significant vulnerabilities, indicating increased trust in the efficacy and safety of these solutions.

Cyber insurance providers are influencing enterprise security technology adoption. The report shows 58% of US enterprises and 59% overall have implemented at least one recommended cybersecurity solution at their insurer's request. An additional 34% of US companies had received recommendations for specific security solutions from their insurance providers.

Despite extensive investment in technology and outside advice, confidence in government support for cybersecurity is low. In the United States, 22% of CISOs surveyed said they cannot rely on government support for cybersecurity, while 64% acknowledged government actions but believe they are insufficient. Only 14% feel that the government is fully playing its part in protecting the private sector.

Jason Mar-Tang, Field CISO at Pentera, commented on the findings: "The pace of change in enterprise environments has made traditional testing methods unsustainable. 96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. The report's findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today's environments."

The survey underpinning the report was carried out by independent research firm Global Surveyz between December 2024 and January 2025.
