Pen Testing
Cybersecurity statistics about pen testing
77% of organizations conduct regular security assessments and pentests for AI-powered products, an increase of 11 percentage points from last year.
32% of AI-related pentest findings were classified as high risk, compared to 12% of all pentest findings overall.
77% of internal Security Operations Center (SOC) teams reported a skills shortage in penetration testing as of 2025, indicating a significant gap in essential cybersecurity capabilities.
21% of organizations rely on regular penetration testing to assess the effectiveness of their API security measures.
Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.
More than half (58%) of respondents require third-party penetration test reports to validate software security.
Nearly nine in 10 security leaders (88%) view penetration testing as an essential component of their overall security programme.
The resolution rate for high-severity vulnerabilities found in LLM pentests falls to just 21%.
33% of respondents are still not conducting regular security assessments, including penetration testing, for their Large Language Model (LLM) deployments.
32% of LLM pentest findings are serious.
Overall, 69% of serious findings across all pentest categories are resolved.
50% of CISOs identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.
Pentesting accounts for 11% of the total IT security budgets of U.S. enterprises.
The average total IT security budget for U.S. enterprises is $1.77 million.
U.S. enterprises allocate an average of $187,000 annually to pentesting.
Almost two-thirds (approximately 66%) of security leaders say that missing exposures due to manual pen testing is an issue.
67% say infrequent pen testing has left concerning gaps in security assessments.
Only 66% of organisations are conducting regular security assessments like pentesting on their AI products.
Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.
The proportion of serious findings in pentests has also declined by about half (from 20% to 11%) over 10 years.