Cyber leaders say penetration testing is not foolproof
Research shows that while organizations invest significantly and rely heavily on penetration testing for security, the widely used approach doesn’t accurately measure their overall security posture or breach readiness — the top two stated goals among security and IT professionals. The research, conducted by Informa Tech and commissioned by CyCognito, surveyed enterprises with 3,000 or more employees and found that 70% of organizations perform penetration tests as a way to measure their security posture and 69% to prevent breaches, yet only 38% test more than half of their attack surface annually.
Many organizations are conducting penetration tests to detect and mitigate threats, yet remain dangerously vulnerable. CyCognito’s research shows that, when using penetration testing as a security practice, organizations lack visibility over their Internet-exposed assets, resulting in blind spots that are vulnerable to exploits and compromise. Just as locking the front door of a house but leaving the back door and windows unlocked creates an attractive target, attackers will naturally focus on those IT assets organizations leave untested.