Cyber threats are evolving at an unprecedented pace, and the threats have recently been amplified due to the ease of attacking critical infrastructure amidst the rise of Large Language Models (LLMs). Pentera’s 2024 State of Pentesting report sheds light on the pressing challenges and shifting paradigms in cybersecurity across global organizations.
Conducted among 450 CISOs, CIOs, and IT security leaders across the Americas, EMEA, and APAC, the survey provides a comprehensive view of the current state of security validation strategies, revealing critical insights into how enterprises are navigating the complexities of cybersecurity in a rapidly evolving world.
A Snapshot of the Current Cybersecurity Landscape
A striking 51% of organizations reported experiencing a breach within the past 24 months, highlighting the persistent threats facing enterprise IT environments today. Despite the adoption of Continuous Threat Exposure Management (CTEM) frameworks, organizations are grappling with unexpected downtime, data exposure, and significant financial damages, with only 7% of respondents reporting no significant impact from these breaches.
Financial Realities: Budgets vs. Breaches
In a notable shift from the previous year’s optimism, 53% of organizations report their IT security budgets for 2024 are either decreasing or stagnating. This stark reality poses a significant challenge for security leaders, who are now tasked with doing more with less—maximizing operational efficiency and leveraging existing security suites to their fullest potential.
Leadership Engagement in Cybersecurity
The report also highlights a growing trend: over 50% of CISOs now share pentest assessment results with their Boards of Directors (BoDs), underscoring an increased interest from management teams and BoDs in understanding organizational resilience and the potential operational and business impacts of cyber incidents.
The Cost of Vigilance
Organizations are investing heavily in manual pentesting, with an average annual expenditure of $164,400, accounting for 12.9% of their total IT security budget. However, with 60% of organizations conducting pentesting only twice a year at most, this represents a significant investment in an activity that may not have an obvious ROI.
The Dynamics of Security Testing and Network Changes
The frequency of security testing still lags behind the rate of network changes, with 73% of organizations reporting changes to their IT environments at least quarterly, while only 40% report conducting pentesting with the same frequency. This discrepancy highlights a critical gap in security validation testing, leaving organizations vulnerable to extended periods of risk.
Prioritizing Security Efforts
With over 60% of organizations reporting a minimum of 500 security events requiring remediation per week, achieving “patch perfection” is increasingly unfeasible. In cybersecurity, “patch perfection” refers to the ideal state where all software security patches and updates are applied promptly and effectively.
This ensures that vulnerabilities are addressed as soon as fixes are available, minimizing the window of opportunity for cyber attacks. Security teams are thus focusing their efforts on addressing the most critical security gaps to preempt potential exploits by hackers.
Conclusion
Pentera’s 2024 State of Pentesting report underscores the complex and dynamic nature of cybersecurity in today’s digital world. As organizations navigate through these challenges, the insights from the report serve as a crucial resource for security leaders seeking to enhance their security validation strategies and build more resilient enterprises.