MINNEAPOLIS (March 26, 2020)—Core Security, a Fortra Company, today announced the results of its inaugural penetration testing survey in its 2020 Penetration Testing Report, indicating that cybersecurity professionals regularly rely on pen testing in their companies. In fact, 85 percent of respondents reported that they pen test at least once per year and 67 percent consider it important to their organization’s security posture.
This new report highlights the results of a comprehensive global survey of more than 800 cybersecurity professionals across multiple sectors based on their experiences with pen testing. The findings offer an accurate picture of how penetration testing is used by different organizations and provide insight about the effectiveness of ethical hacking strategies.
“Having spent more than two decades observing and participating in the evolution of penetration testing, we wanted to drill down on the role that penetration testing plays across organizations of different sizes and industries,” said Brian Wenngatz, General Manager, Core Security, a Fortra Company. “This survey and findings provide a comprehensive picture of the effectiveness of ethical hacking strategies, and the resources required to deploy a successful pen testing program.”
Organizations' reasons for pen testing appeared evenly balanced, with 70 percent reporting that they perform pen tests for vulnerability management program support, 69 percent for measuring security posture, and 67 percent for compliance.
Penetration testing is widely considered an effective way to reduce risk and is a vital method to evaluate the security of an organization. By attempting to exploit potential security weaknesses of all kinds, from misconfigurations to end user mistakes, organizations can proactively take action before an attack occurs.
In regard to compliance, 68 percent of respondents reported that pen testing was important for their compliance initiatives, with the most important data to protect—customer, patient, financial, or employee information—falling under some type of regulation or industry standard, like NIST, SOX, NERC, HIPAA, CMMC, and GDPR.
“Penetration testing remains the best way to keep ahead of adversaries by allowing companies to uncover vulnerabilities and it is essential in adhering to ongoing regulatory compliance for companies across every sector,” said Wenngatz. “This report has sought to create a pivotal resource from which the cybersecurity community can find tremendous value and leverage actionable insights in their own organizations.”
About Core Security, A Fortra Company
Core Security provides organizations with critical, actionable insight about who, how, and what is vulnerable in their IT environment. With our layered security approach and robust threat-aware, identity & access, network security, and vulnerability management solutions, security teams can efficiently manage security risks across the enterprise.