Historically, mainly due to legal or regulatory requirements, the public sector, utilities, pharmaceutical companies and financial institutions —
all involved in processing sensitive data —
have been the predominant users of penetration testing. However, an increasing array of organizations now conduct penetration testing, not just for compliance reasons, but because of the online nature of nearly all businesses today and the increasing threat from real cyberattacks.