Pentesting accounts for an average of 13% of total IT security budgets

A report by Pentera has revealed that enterprises continue to emphasize pentesting as a tool for security validation strategies. Among surveyed respondents, pentesting takes up an average of 13% of the security team’s budget, or an average of $164,400. The report surveyed 450 CIOs, CISOs and IT security leaders to gather this data, shedding light on how enterprises are approaching security validation. 

As breach efforts from malicious actors continue to evolve, the subsequent losses from an attack become more prevalent. Among enterprises that admitted experiencing a breach, 93% reported unexpected downtime, financial loss or data exposure. Therefore, pentesting efforts are often utilized to validate the efficacy of security systems, observe the potential impact of an attack and structure an effective security budget. 

Other notable findings from the report include: 

• Security testing is not keeping pace with organizational IT changes. While 73% report IT environment changes at least quarterly, only 40% report pentesting at the same pace.
• Security teams are increasingly lacking internal resources for pentesting. In 2023, 21% of respondents indicated a lack of resources for remediation as an obstacle. However, that percentage has since risen to 36%. 
• Organizations are adopting more security technology. On average, enterprises utilize 53 security solutions across the entire organization; yet, 51% reported at least one breach in the past 24 months.