NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

The Fifth Edition State of Pentesting Report: Preview

The State of Pentesting 2023 drops on April 12th — get a taste of the report with this sneak peek, and sign up to receive it in your inbox on launch day.

Often imitated, never duplicated, Cobalt’s annual State of Pentesting Report drops in a matter of days — April 12th, to be exact. That’s right, it’s that time of year again. 

With RSA around the corner, every cybersecurity company in the world (practically) is finding announcements to drop at the show, and April will be buzzing with industry news. So we’re getting ahead of it by sharing a sneak peek of what’s to come in our 2023 edition. 


Over the years, the State of Pentesting Report has functioned as a litmus test for how buyers view, consume, and value pentesting. After pioneering Pentest as a Service (PtaaS) and seeing it become a recognized industry term, we at Cobalt realized that the evolution of pentesting warrants its own research. We wanted to examine the effects of industry megatrends on cybersecurity and, by extension, pentesting, given that digital transformation is now a staple of corporate IT and so change is a constant. We weren’t disappointed. 

What’s new about this year’s report? 

Last year, we studied the impact of The Great Resignation – and subsequent talent shortages – on security programs, and unpacked the relationship between security and development colleagues. Those currents still run through this year’s State of Pentesting Report, and we’ve layered on the perspective of pentesters to supplement our findings and present firsthand accounts of how customers can wring value from every stage of the pentest lifecycle.  

We’ve also expanded our scope to include both the US and EMEA. The methodology remains fundamentally the same: findings derive from hundreds of survey responses and thousands of Cobalt-conducted pentests. 

Here’s a sneak peek at some of the key stats in the report around macroeconomic trends, how they’re affecting security teams, and how vulnerable organizations are in the midst of change and transformation: 

US

  • 77% of security teams have experienced layoffs.
  • 73% of affected teams struggle to manage vulnerabilities.
  • 96% of security teams were slower to patch critical vulnerabilities compared to 2021.

EMEA

  • 1 in 4 security teams have gone through layoffs. 
  • 1 in 4 security teams have had their budget cut. 
  • 58% of affected security teams struggle to manage vulnerabilities.

What’s the objective of releasing this research?

The State of Pentesting Report gives a pulse reading on the industry, but we aren’t satisfied to simply ask, “what’s happening in cybersecurity?” 

Cobalt’s mission with The State of Pentesting Report is to tell the story of how teams can avoid being hamstrung by seismic workplace and technology shifts. We want you to read it and learn how to flip the script to maximize value for professional gain. 

Is it true other vendors now publish reports called “State of Pentesting”? 

Yes. Cobalt’s research is differentiated on several fronts. For one, we benchmark based on anonymized data from thousands of pentests – and speaking of which, we’re closing in on our 10,000th pentest, which will be a major milestone. And for the upcoming installment, we’ve tapped into the brainpower of the Cobalt Core, our 400+ global community of skilled, vetted testers. 

As long as everyone is committed to furthering the collective understanding of this industry and improving security for the masses, we’ll applaud their efforts. After all, imitation is a form of flattery. 

To receive the report as soon as it launches on April 12th, sign up here. 

About Vasilena Stamboliyska
Vasilena Stamboliyska is a Senior Manager of Content Marketing at Cobalt. She leads content creation for Cobalt’s industry-leading digital resources by aligning closely with internal and external security subject matter experts to bring impactful stories to life. She oversees multiple high-impact content initiatives, including Cobalt's yearly State of Pentesting report, Caroline Wong's latest publication, "The PtaaS Book," and her "Humans of InfoSec" podcast. Vasilena's drive for data-driven and compelling narratives has helped Cobalt share proprietary pentesting data, as well as highlight upcoming challenges in the cybersecurity community and how teams can work to solve them.