Cobalt
Cybersecurity reports and statistics published by Cobalt
8 categories, 7 reports
Research Reports
Reports and publications from Cobalt
State of Pentesting Report 2026
4/21/2026
Pentester Profile Report
3/5/2026
State of Pentesting in Financial Services 2025
9/30/2025
State of Pentesting in Healthcare 2025
9/3/2025
CISO Perspectives Report: AI and Digital Supply Chain Risks
7/31/2025
The State of LLM Security Report
6/24/2025
State of Pentesting Report 2025
4/14/2025
Recent Statistics & Reports
Components with known vulnerabilities: 6.1% in the financial services industry (versus 5.5% average in other industries).
9/30/2025 • Financial services, Pen test, Vulnerabilities
76% of financial services leaders highlight third-party software vulnerabilities as a top concern.
9/30/2025 • Financial services, Pen test, Vulnerabilities
Approximately one-third of serious issues are never resolved by organizations in the financial services industry, contributing to backlog and systemic risk.
9/30/2025 • Financial services, Pen test, Vulnerability resolution
70% of financial services firms report that delays in scheduling pentests sometimes impact compliance or business timelines.
9/30/2025 • Financial services, Pen test, Compliance
78% of financial services firms report fixing critical vulnerabilities in business-critical assets within 14 days, indicating they narrowly meet strict internal SLA requirements.
9/30/2025 • Financial services, Pen test, Vulnerabilities
68% of financial services leaders highlight GenAI-related risks as a top concern.
9/30/2025 • Financial services, Pen test, GenAI
Financial services firms demonstrate strengths in avoiding common, code-level flaws due to mature security programs and automated scanning (SAST/DAST). However, they struggle with vulnerabilities that require human-led testing.
9/30/2025 • Financial services, Pen test, Vulnerabilities
The financial services industry resolves about two-thirds (66.7%) of serious findings. This ranks the industry 10 out of the 13 industries Cobalt researched.
9/30/2025 • Financial services, Pen test, Vulnerability resolution
Cross-site scripting (Web/API): 5.0% in the financial services industry (versus 9.7% average in other industries).
9/30/2025 • Financial services, Pen test, Vulnerabilities
Business logic flaws: 2.9% in the financial services industry (versus 2.3% average in other industries).
9/30/2025 • Financial services, Pen test, Vulnerabilities
Server-side injection (Web/API): 4.2% in the financial services industry (versus 5.3% average in other industries).
9/30/2025 • Financial services, Pen test, Vulnerabilities
Industries like hospitality resolve serious findings significantly faster than the financial services industry (20 days vs 61 days).
9/30/2025 • Financial services, Pen test, MTTR
The half-life for serious findings is 147 days in the financial services industry. This metric, which accounts for unresolved vulnerabilities, places FS ninth overall out of the thirteen measured industries.
9/30/2025 • Financial services, Pen test, Half-life
46% of financial services leaders highlight insider threats as a top concern.
9/30/2025 • Financial services, Pen test, Insider threat
The 2025 breach at DaVita compromised over 900,000 patients' personal and clinical data.
9/3/2025 • Healthcare, Breach
Healthcare resolved only 57.4% of serious pen test findings. This ranks healthcare 11th of 13 industries. By comparison, transportation led with 80.2%.
9/3/2025 • Healthcare, Pen test, Vulnerabilities
71% of healthcare leaders cited GenAI as the top risk.
9/3/2025 • Healthcare, GenAI
68% of healthcare leaders cited third-party software as the top risk.
9/3/2025 • Healthcare, Third-party risk
Just 13.3% of healthcare pentest findings qualify as “serious”. This ranks healthcare 6th-best out of 13 industries.
9/3/2025 • Healthcare, Pen test, Vulnerabilities