Offensive Security
Cybersecurity statistics about offensive security
Pentesting accounts for 11% of the total IT security budgets of U.S. enterprises.
The average total IT security budget for U.S. enterprises is $1.77 million.
15% of organisations resolve 10% or less of their serious findings in pentests.
Large organisations resolve only 60% of serious pentest findings.
Small companies lead with 81% of serious findings in pentests resolved.
Financial companies have a lower rate of serious findings (11%) in pentests.
The proportion of serious findings in pentests has also declined by about half (from 20% to 11%) over 10 years.
LLM pentests yield the highest proportion of serious vulnerabilities (32%) of any asset type tested.
57% of organisations resolve at least 90% of their serious findings in pentests.
Larger organisations take over a month longer (61 days) than smaller ones (27 days) to resolve serious findings in pentests.
94% of security leaders agree that pentesting is foundational to security.
Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.
Only 66% of organisations are conducting regular security assessments like pentesting on their AI products.
The rate at which serious pentest findings are resolved in each calendar year remains stuck at just 55%.