GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!
GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!

The Fifth Edition State of Pentesting Report: Preview

The State of Pentesting 2023 drops on April 12th — get a taste of the report with this sneak peek, and sign up to receive it in your inbox on launch day.

Often imitated, never duplicated, Cobalt’s annual State of Pentesting Report drops in a matter of days — April 12th, to be exact. That’s right, it’s that time of year again. 

With RSA around the corner, every cybersecurity company in the world (practically) is finding announcements to drop at the show, and April will be buzzing with industry news. So we’re getting ahead of it by sharing a sneak peek of what’s to come in our 2023 edition. 

Blog CTA

Over the years, the State of Pentesting Report has functioned as a litmus test for how buyers view, consume, and value pentesting. After pioneering Pentest as a Service (PtaaS) and seeing it become a recognized industry term, we at Cobalt realized that the evolution of pentesting warrants its own research. We wanted to examine the effects of industry megatrends on cybersecurity and, by extension, pentesting, given that digital transformation is now a staple of corporate IT and so change is a constant. We weren’t disappointed. 

What’s new about this year’s report? 

Last year, we studied the impact of The Great Resignation – and subsequent talent shortages – on security programs, and unpacked the relationship between security and development colleagues. Those currents still run through this year’s State of Pentesting Report, and we’ve layered on the perspective of pentesters to supplement our findings and present firsthand accounts of how customers can wring value from every stage of the pentest lifecycle.  

We’ve also expanded our scope to include both the US and EMEA. The methodology remains fundamentally the same: findings derive from hundreds of survey responses and thousands of Cobalt-conducted pentests. 

Here’s a sneak peek at some of the key stats in the report around macroeconomic trends, how they’re affecting security teams, and how vulnerable organizations are in the midst of change and transformation: 

US

  • 77% of security teams have experienced layoffs.
  • 73% of affected teams struggle to manage vulnerabilities.
  • 96% of security teams were slower to patch critical vulnerabilities compared to 2021.

EMEA

  • 1 in 4 security teams have gone through layoffs. 
  • 1 in 4 security teams have had their budget cut. 
  • 58% of affected security teams struggle to manage vulnerabilities.

What’s the objective of releasing this research?

The State of Pentesting Report gives a pulse reading on the industry, but we aren’t satisfied to simply ask, “what’s happening in cybersecurity?” 

Cobalt’s mission with The State of Pentesting Report is to tell the story of how teams can avoid being hamstrung by seismic workplace and technology shifts. We want you to read and to learn how to flip the script to maximize value for professional gain. 

Is it true other vendors now publish reports called “State of Pentesting”? 

Yes. Cobalt’s research is differentiated on several fronts. For one, we benchmark based on anonymized data from thousands of pentests – and speaking of which, we’re closing in on our 10,000th pentest which will be a major milestone. And for the upcoming installment we’ve tapped into the brainpower of the Cobalt Core, our 400+ global community of skilled, vetted testers. 

As long as everyone is committed to furthering the collective understanding of this industry and improving security for the masses, we’ll applaud their efforts. After all, imitation is a form of flattery. 

To receive the report as soon as it launches on April 12th, sign up here. 

Back to Blog
About Vasilena Stamboliyska
Vasilena Stamboliyska is a Senior Manager of Content Marketing at Cobalt. She leads content creation for Cobalt’s industry-leading digital resources by aligning closely with internal and external security subject matter experts to bring impactful stories to life. She oversees multiple high-impact content initiatives, including Cobalt's yearly State of Pentesting report, Caroline Wong's latest publication, "The PtaaS Book," and her "Humans of InfoSec" podcast. Vasilena's drive for data-driven and compelling narratives has helped Cobalt share proprietary pentesting data, as well as highlight upcoming challenges in the cybersecurity community and how teams can work to solve them. More By Vasilena Stamboliyska
PtaaS Roadshow Recap: Into the Hacker’s Mind
Cobalt Core members Vanessa Sauter, Derek Carlin, and Andreea Cristina Druga share insights on how to prepare for a pentest, what tools they use to stress test your assets, and the steps they take to check what vulnerabilities you’re susceptible to.
Blog
Nov 18, 2022
Pentests in Risk Assessments: When, Why, How
Find your vulnerabilities, determine the risk, and outline remediation — pentests can do all of this in support of your risk assessments.
Blog
Feb 14, 2023
Cobalt Is Now ISO 27001 Certified
Combined with our CREST and SOC 2 Type II certifications, this achievement highlights our commitment to keeping customer and partner data safe. 
Blog
Dec 12, 2022