Pentera survey shows security budget increase following breach incident spike
The company’s annual report, which surveyed 300 security executives, shows that 88% of organizations have recently been attacked
IsraelDefense
|
28/02/2023
Illustration. BIGSTOCK / Copyright: Pseudolithos
Pentera, an Israeli automated security validation leader, released the findings of its second annual industry survey: The State of Pentesting 2023. Pentera undertook this research to understand the current state of security validation practices and investment in enterprises.
Pentera surveyed 300 CIOs, CISOs, and security executives from enterprises across Europe and the USA. The report provides insights on current IT and security budgets, cyber security validation practices, and how cyber exposure is being managed, while showcasing differences between the regions and enterprise sizes.
Report highlights include:
- Despite large investments in Defense-in-Depth strategies, 88% of organizations report recent attacks: On average, companies have almost 44 security solutions in place, indicating a defense-in-depth strategy, where multiple security solutions are layered to best protect critical assets. However, despite the large number of security solutions implemented, 88% of organizations admit to being compromised by a cyber incident over the past two years.
- Cybersecurity budgets aren't impacted by the financial slowdown: Despite the recent global economic slowdown, cybersecurity budgets are not expected to be impacted in 2023. 92% of organizations report a raise in their IT security budgets, and 85% report a raise in their pentesting budget specifically.
- The drivers for pentesting have evolved beyond regulations: While the need for pentesting originated with regulatory requirements, the top-of-mind motivations for pentesting today are security validation, potential damage assessment, and cyber insurance. With only 22% of respondents citing compliance as their primary motivation for the practice, regulatory or executive mandates are still impactful, but not the primary rationale driving pentesting.
"We're seeing more organizations increase the cadence of pentesting, but what we really need to achieve is continuous validation across the entire organization," said Aviv Cohen, CMO of Pentera. "Annual pentesting assessments leave security teams in the dark most of the year regarding their security posture. Security teams need up-to-date information about their exposure using automated solutions for their security validation."
The company’s annual report, which surveyed 300 security executives, shows that 88% of organizations have recently been attacked
Illustration. BIGSTOCK / Copyright: Pseudolithos
Pentera, an Israeli automated security validation leader, released the findings of its second annual industry survey: The State of Pentesting 2023. Pentera undertook this research to understand the current state of security validation practices and investment in enterprises.
Pentera surveyed 300 CIOs, CISOs, and security executives from enterprises across Europe and the USA. The report provides insights on current IT and security budgets, cyber security validation practices, and how cyber exposure is being managed, while showcasing differences between the regions and enterprise sizes.
Report highlights include:
- Despite large investments in Defense-in-Depth strategies, 88% of organizations report recent attacks: On average, companies have almost 44 security solutions in place, indicating a defense-in-depth strategy, where multiple security solutions are layered to best protect critical assets. However, despite the large number of security solutions implemented, 88% of organizations admit to being compromised by a cyber incident over the past two years.
- Cybersecurity budgets aren't impacted by the financial slowdown: Despite the recent global economic slowdown, cybersecurity budgets are not expected to be impacted in 2023. 92% of organizations report a raise in their IT security budgets, and 85% report a raise in their pentesting budget specifically.
- The drivers for pentesting have evolved beyond regulations: While the need for pentesting originated with regulatory requirements, the top-of-mind motivations for pentesting today are security validation, potential damage assessment, and cyber insurance. With only 22% of respondents citing compliance as their primary motivation for the practice, regulatory or executive mandates are still impactful, but not the primary rationale driving pentesting.
"We're seeing more organizations increase the cadence of pentesting, but what we really need to achieve is continuous validation across the entire organization," said Aviv Cohen, CMO of Pentera. "Annual pentesting assessments leave security teams in the dark most of the year regarding their security posture. Security teams need up-to-date information about their exposure using automated solutions for their security validation."
