- Organisations are spending more on cybersecurity, but that doesn’t mean they’re confident
- 67% of firms experienced a data security breach in the last 24 months
- Almost a third suffered a breach of data as a result
Most companies (67%) have experienced a data breach in the last 24 months, despite an increase in spending, new research from Pentera shows, with 24% experiencing a breach in the last 12 months, and 43% in the last 12 months.
During these breaches, the most common disruption suffered was unplanned downtime, with 36% of breached organizations impacted. Many firms also suffered a breach of data (30%) and financial loss (28%), showing just how damaging security breaches can be.
Of those who disclosed the impacts of the breach, a shocking 76% reported an impact on the confidentiality, integrity, and/or availability of their data – with only 24% reporting no significant impact.
Low confidence
Confidence in cyber support for the private sector is low, with only 14% confident in their government’s cybersecurity support – with 64% of CISOs reporting that the government is giving aid to protect the private sector, but it’s not enough.
US enterprises spent an average of $187,000 annually on penetration testing, or ‘pentesting’, simulating cyberattacks against their own systems to test for vulnerabilities – this amounts to just over 10% of the total IT security budgets, but over 50% of CISOs say they will increase this in 2025.
Changes to company infrastructure, like added users, new configurations, and permission updates, are happening at a much faster rate than security validation, with 96% of US enterprises report making such changes “on at least a quarterly basis, yet only 30% are pentesting at the same frequency,” the report suggests.
“The pace of change in enterprise environments has made traditional testing methods unsustainable,” said Jason Mar-Tang, Field CISO at Pentera.
“96% of organizations are making changes to their IT environment at least quarterly. Without automation and technology-driven validation, it’s nearly impossible to keep up. The report’s findings reinforce the need for scalable security validation strategies that meet the speed and complexity of today’s environments.”
Leave a comment