Learn More

2023 Ponemon Institute Report

The State of Offensive Security

In a new study conducted with Bishop Fox, the Ponemon Institute surveyed nearly 700 security and IT practitioners in small, medium, and large enterprises who actively employ offensive security practices. 

The analysis explores where enterprises are focusing offensive security efforts and the drivers behind them, including the cyber threats that concern them most. The report offers a view into how mature security organizations leverage different types of offensive security, such as Red Teaming, attack surface management, cloud security testing, and application security to improve their cybersecurity posture, as well as areas for future advancement.

Download the Report Now.

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy


Defend Forward with New Insights Into the 2023 State of Offensive Security

Icon Dark BG Computer Chart

64% agree that offensive testing has enabled them to achieve their objectives.

Icon Dark BG Attack Surface Management

48% use ASM technologies to facilitate testing and discover exposures.

Cloud Testing

59% state that penetration testing is important to their cloud security testing.

Top Cyber Threats Driving Offensive Security Investments

Drivers Behind Investments

What Types of Cyber Threats Are Influencing Your Offensive Security Investment?

Of all cyber threats most pertinent to enterprises, ransomware ranks as the top cyber threat (41%) driving offensive security investments, followed by social engineering (40%) and cloud vulnerabilities (39%). Because of their investments, 52% of respondents say offensive security testing helps their organizations harden their defenses against these threats.

Goals & Objectives for Offensive Security Testing


Which Goals or Objectives Are You Trying to Achieve with Offensive Security Testing?

The findings highlight that mature security enterprises aim to achieve the following goals and objectives with offensive security testing: improving zero-day response (42%), meeting compliance and regulatory requirements (42%) and enhancing visibility into attack surface exposures (40%).

Satisfaction Scale of Offensive Security Testing Addressing Objectives


Has Offensive Security Testing Effectively Satisfied Your Objectives?

The research reveals that a significant majority of respondents (64%) agree or strongly agree to have obtained tangible benefits and successfully achieved their security and governance goals and objectives through the implementation of offensive security measures.
Preview of the Ponemon Institute Report for the Financial Services industry.

Offensive Security Analysis

Industry Report: Financial Services

Bishop Fox's industry cut provides a comprehensive analysis of offensive security trends within the financial services (FinServ) sector based on the joint report with the Ponemon Institute. 

The results included are based on the responses from 133 participants who represent FinServ organizations – representing 20% of the total sample.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.