The State of Pentesting 2023: Global Trends in Cybersecurity

In the last two years, almost all organizations (88%) have had security breaches, which means nine out of ten companies were hacked. Despite using 44 security solutions on average, organizations are still vulnerable to cyber threats. Economic slowdown and increased awareness of cyber risks have influenced how companies handle security.

A new report by Global Surveyz Research interviewed 300 security executives from large companies in the US, UK, and Western Europe who hold VP or C-level positions. It shares the following key findings:

  1. Organizations continue to experience high rates of breaches.
  2. Pentesting is more than a regulatory measure.
  3. More companies are establishing in-house Red Teams.

Even during economic slowdown and conflicts, cybersecurity remains a top priority. Research shows a 38% increase in cyberattacks in 2022, with an average of 1,168 weekly attacks per organization. 88% of organizations reported being compromised by cyber incidents in the past two years. However, there is hope as 92% of organizations are increasing their IT security budgets, with 86% allocating more resources to pentesting. This shows that organizations recognize the importance of cybersecurity.

Pentesting has evolved beyond regulatory compliance, driven by the need for security control, meeting insurance requirements, and assessing potential damage. Cyber insurance has become a significant driver for pentesting. The risk to business continuity is a concern, but automation plays a vital role in enabling efficient and continuous pentesting.

Only 15% of organizations use automated pentesting, while others rely on manual or third-party services. By the end of 2023, it is expected that 96% of security executives will have an in-house red team. Defense-in-depth is the most widely used cybersecurity approach, but the prevalence of cyber attacks raises questions about its effectiveness.

To address these issues, we have developed this report to provide insights into how other companies handle cybersecurity challenges. Use it to adjust your security strategies.

Share post: