First-Ever Penetration Testing Survey from Core Security Reveals Pen Testing a Critical Tool for Organizations in Reducing Risk and Maintaining Compliance

Posted on March 26, 2020 | Infrastructure and Data Protection

MINNEAPOLIS (March 26, 2020)—Core Security, by Fortra, today announced the results of its inaugural penetration testing survey in its 2020 Penetration Testing Report, indicating that cybersecurity professionals regularly rely on pen testing in their companies. In fact, 85 percent of respondents reported that they pen test at least once per year and 67 percent consider it important to their organization’s security posture.

This new report highlights the results of a comprehensive global survey of more than 800 cybersecurity professionals across multiple sectors based on their experiences with pen testing. The findings offer an accurate picture of how penetration testing is used by different organizations and provide insight into the effectiveness of ethical hacking strategies.

“Having spent more than two decades observing and participating in the evolution of penetration testing, we wanted to drill down on the role that penetration testing plays across organizations of different sizes and industries,” said Brian Wenngatz, General Manager, Core Security, a Fortra Company. “This survey and findings provide a comprehensive picture of the effectiveness of ethical hacking strategies, and the resources required to deploy a successful pen testing program.”

Organizations' reasons for pen testing appeared evenly balanced: 70 percent reported that they perform pen tests for vulnerability management program support, 69 percent for measuring security posture, and 67 percent for compliance.

Penetration testing is widely considered an effective way to reduce risk and is a vital method to evaluate the security of an organization. By attempting to exploit potential security weaknesses of all kinds, from misconfigurations to end user mistakes, organizations can proactively take action before an attack occurs.

In regard to compliance, 68 percent of respondents reported that pen testing was important for their compliance initiatives, with the most important data to protect—customer, patient, financial, or employee information—falling under some type of regulation or industry standard, like NIST, SOX, NERC, HIPAA, CMMC, and GDPR.

“Penetration testing remains the best way to keep ahead of adversaries by allowing companies to uncover vulnerabilities and it is essential in adhering to ongoing regulatory compliance for companies across every sector,” said Wenngatz. “This report has sought to create a pivotal resource from which the cybersecurity community can find tremendous value and leverage actionable insights in their own organizations.”

About Fortra

Fortra is a people-first software company focused on helping exceptional organizations Build a Better IT™. Our security and automation software simplifies critical IT processes to give our customers peace of mind. We know IT transformation is a journey, not a destination. Let’s move forward. Learn more at

Mike Devine 
Vice President, Marketing 
+1 952-563-1696 