Pentesting No Longer Driven by Regulatory Compliance, New Study Finds

MSSP Alert – D. Howard Kass
While the initial need for penetration testing (pentesting) arose from regulatory compliance, compliance is no longer the prime mover, Pentera, an automated security validation specialist, said in a new report.

Only 22% of the study’s participants pointed to compliance as the main reason to pentest. Regulatory or executive mandates are still impactful but not the primary rationale driving pentesting, Pentera said. Despite deploying multiple security solutions, nearly nine in 10 organizations (85%) in the last two years bumped up their pentesting security budgets following a breach incident, said Pentera. But more pentesting should be driven not just by additional budget, the company said, but rather by a strategy and vehicle for continuous validation.

On average, companies have almost 44 security solutions in place, indicating a defense-in-depth strategy, where multiple security solutions are layered to best protect critical assets. Despite the large number of security solutions implemented, 88% of organizations admit to being compromised by a cyber incident over the past two years. Cybersecurity budgets are not expected to be impacted by an anticipated economic slowdown in 2023: 92% of organizations report an increase in their IT security budgets, and 85% report an increase in their pentesting budget specifically.
Link: https://www.msspalert.com/cybersecurity-news/pentesting-no-longer-driven-by-regulatory-compliance-new-study-finds/

