{"id":318,"date":"2021-05-05T00:22:00","date_gmt":"2021-05-05T00:22:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=318"},"modified":"2025-05-13T11:50:03","modified_gmt":"2025-05-13T18:50:03","slug":"does-pen-testing-still-make-sense-in-an-era-of-digital-transformation","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/does-pen-testing-still-make-sense-in-an-era-of-digital-transformation\/","title":{"rendered":"Research Results: The Challenges With Pen Testing for Cybersecurity"},"content":{"rendered":"
\n
\"\"<\/figure><\/div>\n\n\n

Penetration testing is one of the most well-known tools security teams use to defend against attackers and keep their organizations secure. But it\u2019s also a technology from another century: penetration testing has its origins in the late 1960\u2019s. 

Does pen testing still make sense in an era of digital transformation<\/a>, where even the largest, most traditional companies are reinventing themselves to be digital-first businesses? The very same world where attackers take the path of least resistance to breach business data and applications, using weaknesses in overlooked and internet-exposed assets?<\/p>\n\n\n\n

We wanted to understand the answer to those questions, so we worked with Dark Reading to survey over 100 large organizations about their penetration testing practices and perceptions, to see what they truly think about pen testing effectiveness for the modern IT ecosystem. Short answer: respondents at these organizations think that pen tests have huge blind spots, are done too infrequently, and are too expensive to be very effective as a security solution \u2013 despite the fact that they rely on them for exactly that.<\/p>\n\n\n\n

We uncovered those insights (and more) by commissioning Dark Reading to survey security and IT professionals involved closely with penetration testing: from CISOs and CIOs to IT and security directors to security architects and pen test leads. <\/p>\n\n\n\n

Here are some highlights of what we uncovered:<\/p>\n\n\n\n

Why do organizations pen test?<\/h2>\n\n\n\n