Pentesting Survey Revealed: Strategic Insights for CISOs in APAC

Pentera

By Michael Tan, VP Sales, APJ

While 69% of APAC organisations adjust their IT systems at least quarterly, a surprising 61% don’t sync their security assessments with these updates. This oversight not only leaves organisations open to risk for long durations but also spotlights a critical improvement area for security teams; the essential need for security protocols to keep pace with IT developments to ensure effective protection.

These insights are part of the Pentera State of Pentesting Report for 2024, offering key findings on security validation practices. Conducted by Global Surveyz Research, the study involved 150 security professionals from APAC and another 300 from the Americas and EMEA, focusing on VP-level and C-suite executive positions in enterprises with over 1,000 employees.

The report aims to guide navigating the evolving cybersecurity landscape, emphasising the importance of keeping IT infrastructure secure amidst emerging threats.

Other key findings addressed in the report:

• 50% of APAC-based enterprises reported a breach in the past 24 months despite an average of 54 security solutions deployed per organization in the region.
• APAC enterprises continue to be breached across their entire attack surface. Respondents indicated which of their environments have been impacted:
  • 46% reported an impact on their remote devices
  • 61% reported an impact in their on-prem environment
  • 47% reported an impact on their cloud infrastructure
• The impact of a breach is too high:
  • 41% reported unplanned downtime
  • 40% reported data exposure
  • 25% reported financial loss

Providing possible reasons as to why pentesting is not conducted at the necessary frequency, the report addresses the barriers and drivers for pentesting.

Pentesting Hurdles
Key hurdles inhibiting more frequent pentesting identified by survey respondents included scarcity of skilled pentesters and concerns about disrupting business operations. Respondents were also worried about their internal remediation capabilities. Strategic planning and use of automation are therefore essential for security leaders to manage resource limitations and ensure pentesting bolsters rather than disrupts business continuity.

Shifting Motivations
Interestingly, the reasons for conducting pentests are shifting from compliance-driven to proactive cybersecurity enhancement. Security leaders are increasingly recognizing the value of pentesting in strengthening their cyber defenses. Additionally, pentesting has become a critical step in the M&A process, used to uncover potential cybersecurity issues before finalizing deals, thus preventing future surprises.

Navigating through the Myriad
These insights offer more than data, they provide those deep in the cybersecurity field with a data-based guide to refine their practices and strategic investments. Aligning security tests with IT updates and continuously managing the cyber exposure posture is vital for safeguarding business continuity.

Cybersecurity professionals can download the full report and register here to attend the live webinar.