The cybersecurity landscape is rapidly evolving, with cyber threats becoming more sophisticated and pervasive. The rise of Large Language Models (LLMs) has made it easier for attackers to target critical infrastructure, amplifying the risks faced by organizations worldwide. Pentera’s 2024 State of Pentesting report, based on a survey of 450 CISOs, CIOs, and IT security leaders across the Americas, EMEA, and APAC, sheds light on the pressing challenges and shifting paradigms in cybersecurity.
The survey reveals that 51% of organizations have experienced a breach in the past 24 months, underscoring the persistent threats facing enterprise IT environments. Despite the adoption of Continuous Threat Exposure Management (CTEM) frameworks, organizations are still grappling with unexpected downtime, data exposure, and financial losses. Only 7% of respondents reported no significant impact from these breaches, highlighting the need for stronger security measures.
One significant challenge highlighted in the report is the financial reality faced by organizations. While cybersecurity threats are increasing, 53% of organizations report that their IT security budgets for 2024 are either decreasing or stagnating. This poses a dilemma for security leaders who must find ways to maximize operational efficiency and make the most of existing security tools and resources.
Another key trend identified in the report is the increasing engagement of leadership in cybersecurity matters. More than 50% of CISOs now share pentest assessment results with their Boards of Directors, indicating a growing interest from management teams in understanding the potential impacts of cyber incidents on the organization’s operations and business.
Organizations are investing heavily in manual pentesting, with an average annual expenditure of $164,400, accounting for 12.9% of their total IT security budget. However, despite this investment, 60% of organizations conduct pentesting only twice a year at most, raising questions about the return on investment for this activity.
The report also highlights a discrepancy between the frequency of security testing and network changes. While 73% of organizations report changes to their IT environments at least quarterly, only 40% conduct pentesting with the same frequency. This gap in security validation testing leaves organizations exposed to risk for extended periods, emphasizing the need for more frequent and comprehensive security assessments.
With more than 60% of organizations facing over 500 security events requiring remediation per week, achieving “patch perfection” is increasingly challenging. Security teams are prioritizing the most critical security gaps to prevent potential exploits by hackers and mitigate risks effectively.
Overall, Pentera’s 2024 State of Pentesting report underscores the complexity and dynamism of cybersecurity in today’s digital world. As organizations navigate these challenges, the insights from the report serve as a valuable resource for security leaders looking to enhance their security validation strategies and build more resilient enterprises.