Cyber threats are evolving at an unprecedented pace and have recently increased because critical infrastructure has become easier to attack as large language models (LLMs) grow more powerful. Pentera's State of Pentesting Report 2024 highlights the pressing challenges and shifting paradigms in cybersecurity in global organizations.
Conducted among 450 CISOs, CIOs and IT security leaders across the Americas, EMEA and APAC, the survey provides a comprehensive view of the current state of security validation strategies, revealing critical insights into how businesses manage the complexities of cybersecurity in a fast-changing world.
An overview of the current cybersecurity landscape
A staggering 51% of organizations reported experiencing a breach in the past 24 months, highlighting the persistent threats facing enterprise IT environments today. Despite the adoption of Continuous Threat Exposure Management (CTEM), organizations are grappling with unexpected downtime, data exposure and significant financial damage, with only 7% of respondents reporting no significant impact from these breaches.
Financial realities: budgets and shortcomings
Contrary to the optimism of the previous year, 53% of organizations report that their IT security budgets for 2024 are declining or stagnant. This harsh reality poses a significant challenge to security leaders, who are now tasked with doing more with less, maximizing operational efficiency and taking full advantage of existing security suites.
Executive commitment to cybersecurity
The report also highlights a growing trend: more than 50% of CISOs now share the results of pentest assessments with their boards of directors (BoDs), reflecting increased interest from management teams and boards in understanding organizational resilience and the potential operational and commercial impacts of cyber incidents.
The cost of vigilance
Organizations are investing heavily in manual penetration testing, with an average annual spend of $164,400, representing 12.9% of their total IT security budget. However, with 60% of organizations only performing penetration testing twice a year at most, this represents a significant investment in an activity that may not have a clear ROI.
The dynamics of security testing and network changes
The frequency of security testing continues to lag behind the pace of network changes, with 73% of organizations reporting changes to their IT environment at least once a quarter, while only 40% say they conduct penetration testing at the same frequency. This mismatch highlights a critical gap in security validation testing, leaving organizations vulnerable to extended periods of risk.
Prioritize security efforts
With more than 60% of organizations reporting at least 500 security events requiring remediation per week, achieving “patch perfection” is increasingly unattainable. In cybersecurity, “patch perfection” refers to the ideal state in which all software security patches and updates are applied quickly and efficiently.
This ensures that vulnerabilities are fixed as soon as patches become available, minimizing the window of opportunity for cyberattacks. Security teams therefore focus their efforts on fixing the most critical security vulnerabilities in order to stay ahead of potential exploitation by attackers.
Conclusion
Pentera's State of Pentesting Report 2024 highlights the complex and dynamic nature of cybersecurity in today’s digital world. As organizations address these challenges, the report’s findings provide a crucial resource for security leaders looking to improve their security validation strategies and build more resilient businesses.