A substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss.
This alarming statistic, unveiled in Pentera’s latest research, underscores the escalating challenges organizations face in safeguarding their digital assets against evolving cyber-threats.
The report, published today, comprehensively analyzes how enterprises worldwide have embraced security validation strategies in response to these pressing concerns.
According to the findings, enterprises are allocating an average of $164,400 – nearly 13% of their total IT security budgets – to pentesting programs. These initiatives serve multiple purposes, including validating the efficacy of security controls, gauging potential attack impact and prioritizing security investments.
However, the report also highlights significant gaps in security testing frequency compared to the pace of changes in the IT environment. While 73% of enterprises undergo IT changes at least quarterly, only 40% conduct pentesting with similar regularity. This discrepancy exposes organizations to prolonged periods of vulnerability, leaving them susceptible to cyber-threats.
Furthermore, security teams are grappling with an escalating volume of security issues: over 60% of enterprises face at least 500 security events per week that require remediation. Despite deploying an average of 53 cybersecurity solutions per organization, half (51%) of enterprises reported a breach in the last 24 months, underscoring the limitations of technology in ensuring comprehensive security.
Jason Mar-Tang, Pentera’s Field CISO, emphasized the critical need for proactive risk validation in today’s dynamic threat landscape.
“The results of our latest report are indicative of the increasing infrastructure complexity of organizations today and the rising challenges that security teams face along with it,” the executive said.
“Attack surfaces are more dynamic than ever and resources are limited, making it even more critical for organizations to proactively validate their risk exposure with accuracy and pinpoint exploitable gaps across the complete attack surface.”
The report, based on surveys of 450 CISOs, CIOs and IT security leaders from large enterprises worldwide, offers valuable insights into the evolving cybersecurity landscape.
To delve deeper into the implications of these findings, Pentera’s Mar-Tang is hosting a webinar on April 30 featuring industry expert Matt Bromiley, an analyst at the SANS Institute.