Skip to main content
HomeTopicsPen Testing

Pen Testing

Cybersecurity statistics about pen testing

Showing 1-20 of 30 results

77% of organizations conduct regular security assessments and pentests for AI-powered products, an increase of 11 percentage points from last year.

Cobalt6/28/2026
AI SecuritySecurity Assessments

32% of AI-related pentest findings were classified as high risk, compared to 12% of all pentest findings overall.

Cobalt6/28/2026
AI SecurityRisk Classification

77% of internal Security Operations Center (SOC) teams reported a skills shortage in penetration testing as of 2025, indicating a significant gap in essential cybersecurity capabilities.

Red Canary10/23/2025
Security OperationsSkills

21% of organizations rely on regular penetration testing to assess the effectiveness of their API security measures.

Salt Security10/8/2025
APIPen testing

Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.

BreachLock8/11/2025
CloudMisconfiguration

More than half (58%) of respondents require third-party penetration test reports to validate software security.

Cobalt7/31/2025
TestingPen testing

Nearly nine in 10 security leaders (88%) view penetration testing as an essential component of their overall security programme.

Cobalt7/31/2025
TestingPen testing

The resolution rate for high-severity vulnerabilities found in LLM pentests falls to just 21%.

Cobalt6/24/2025
AIGen AI

33% of respondents are still not conducting regular security assessments, including penetration testing, for their Large Language Model (LLM) deployments.

Cobalt6/24/2025
AIGen AI

32% of LLM pentest findings are serious

Cobalt6/24/2025
AIGen AI

Overall, 69% of serious findings across all pentest categories are resolved.

Cobalt6/24/2025
AIGen AI

50% of CISOs identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.

Pentera5/7/2025
Pen testingOffensive security

Pentesting accounts for 11% of the total IT security budgets of U.S. enterprises.

Pentera5/7/2025
Pen testingOffensive security

The average total IT security budget for U.S. enterprises is $1.77 million.

Pentera5/7/2025
Pen testingOffensive security

U.S. enterprises allocate an average of $187,000 annually to pentesting.

Pentera5/7/2025
Pen testingOffensive security

Almost two-thirds (approximately 66%) of security leaders say that missing exposures due to manual pen testing is an issue.

Cymulate4/23/2025
Exposure managementPen testing

67% say infrequent pen testing has left concerning gaps in security assessments.

Cymulate4/23/2025

Only 66% of organisations are conducting regular security assessments like pentesting on their AI products.

Cobalt4/14/2025
TestingPen testing

Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.

Cobalt4/14/2025
LLMPen testing

The proportion of serious findings in pentests has also declined by about half (from 20% to 11%) over 10 years.

Cobalt4/14/2025
TestingPen testing