
Pen test

Cybersecurity statistics about pen test


70% of financial services firms report that delays in scheduling pentests sometimes impact compliance or business timelines.

Cobalt, 9/30/2025
Financial services, Compliance

76% of financial services leaders highlight third-party software vulnerabilities as a top concern.

Cobalt, 9/30/2025
Financial services, Vulnerabilities

68% of financial services leaders highlight GenAI-related risks as a top concern.

Cobalt, 9/30/2025
Financial services, GenAI

The half-life for serious findings is 147 days in the financial services industry. This metric, which accounts for unresolved vulnerabilities, places FS ninth overall out of the thirteen measured industries.

Cobalt, 9/30/2025
Financial services, Half-life

Cross-site scripting (Web/API): 5.0% in the financial services industry (versus 9.7% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Server security misconfigurations: 34.9% in the financial services industry (versus 27.9% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Business logic flaws: 2.9% in the financial services industry (versus 2.3% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Server-side injection (Web/API): 4.2% in the financial services industry (versus 5.3% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Industries like hospitality resolve serious findings significantly faster than the financial services industry (20 days for hospitality vs 61 days for financial services).

Cobalt, 9/30/2025
Financial services, MTTR

46% of financial services leaders highlight insider threats as a top concern.

Cobalt, 9/30/2025
Financial services, Insider threat

Sensitive data exposure: 10.5% in the financial services industry (versus 8.0% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Components with known vulnerabilities: 6.1% in the financial services industry (versus 5.5% average in other industries).

Cobalt, 9/30/2025
Financial services, Vulnerabilities

The Median Time to Remediation (MTTR) for serious findings is 61 days in the financial services industry. This ranks financial services 11th of 13 industries measured.

Cobalt, 9/30/2025
Financial services, MTTR

Approximately one-third of serious issues are never resolved by the organizations in the financial services industry, contributing to backlog and systemic risk.

Cobalt, 9/30/2025
Financial services, Vulnerability resolution

The financial services industry resolves about two-thirds (66.7%) of serious findings. This ranks the industry 10 out of the 13 industries Cobalt researched.

Cobalt, 9/30/2025
Financial services, Vulnerability resolution

Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing.

Cobalt, 9/30/2025
Financial services, Vulnerabilities

78% of financial services firms report fixing critical vulnerabilities in business-critical assets within 14 days, indicating they narrowly meet strict internal SLA requirements.

Cobalt, 9/30/2025
Financial services, Vulnerabilities

Nearly 40% of healthcare SLAs require serious findings in business-critical assets to be fixed within three days. Another 40% require resolution within four to 14 days.

Cobalt, 9/3/2025
Healthcare, SLA

Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%.

Cobalt, 9/3/2025
Healthcare, Vulnerabilities

Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries.

Cobalt, 9/3/2025
Healthcare, Vulnerabilities