MINNEAPOLIS —March 23, 2022— Core Security by Fortra today announced the results of its third annual pen testing survey. The 2022 Penetration Testing Report identifies industry trends, top security concerns and provides a close look at how cybersecurity professionals are using pen testing in the field.

•    Three quarters of respondents agree that pen testing is important to their security posture
•    More organizations are using pen testing to verify compliance
•    Phishing, ransomware, and misconfigurations are the most common security concerns
•    Support for pen testing has increased and demand for third-party services remains high

Pen testing enables organizations to proactively detect vulnerabilities and close any gaps in security and its value as a vital cybersecurity tool was acknowledged by professionals in the survey, with 76 percent stating that pen testing was important to their organization’s security posture.

Three quarters of respondents use pen testing to measure their security posture, while the same number use pen testing for compliance or other external mandates. The latter shows an increase since last year, suggesting that a growing number of organizations need to comply with industry regulations and use pen testing to demonstrate that mandated security measures are working.

Respondents reported phishing, ransomware, and misconfigurations as their top three security concerns. With ransomware commonly entering organizations through phishing emails, phishing capabilities in pen testing tools were 13 percent more sought after than last year. This year a larger percentage of organizations conducted ongoing phishing simulations to help mitigate this pervasive threat.

This year’s survey shows stronger organizational support for the sponsorship and funding of pen testing programs, hiring of skilled professionals, and getting others to act on the findings. Third-party pen testing teams remain a popular resource, with 83 percent of respondents leveraging third parties in some capacity. Seeking an external viewpoint and applying fresh expertise to the environment were two main reasons cited for organizations employing these teams.

“These findings support the vital role that pen testing plays in an organization’s security strategy and give every sign that it will remain a crucial practice for years to come,” said Mark Bell, Managing Director, Infrastructure Protection at Fortra. “Threats such as phishing, ransomware, and inattention to specific environments are concerning, and putting your organization to the test on a regular basis is the best way to ensure you’re continuously reducing your cyber risk exposure.”

Download the full report here.

About Fortra 
Fortra is a software company focused on helping exceptional organizations secure and automate their operations. Our cybersecurity and automation software protects information and simplifies  IT processes to give our customers peace of mind. We know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.fortra.com

Media Contacts 

North America:
Angela Tuzzo
[email protected]

Lottie Hutchins
[email protected]