Learn More

2023 Ponemon Institute Report

The State of Offensive Security

In a new study conducted with Bishop Fox, the Ponemon Institute surveyed nearly 700 security and IT practitioners in small, medium, and large enterprises who actively employ offensive security practices. 

The analysis explores where enterprises are focusing offensive security efforts and the drivers behind them, including the cyber threats that concern them most. The report offers a view into how mature security organizations leverage different types of offensive security, such as Red Teaming, attack surface management, cloud security testing, and application security to improve their cybersecurity posture, as well as areas for future advancement.

Download the Report Now.

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy

KEY HIGHLIGHTS FROM THE REPORT

Defend Forward with New Insights Into the 2023 State of Offensive Security

Icon Dark BG Computer Chart

64% agree that offensive testing has enabled them to achieve their objectives.

Icon Dark BG Attack Surface Management

48% use ASM technologies to facilitate testing and discover exposures.

Cloud Testing

59% state that penetration testing is important to their cloud security testing.

Top Cyber Threats Driving Offensive Security Investments

Drivers Behind Investments

What Types of Cyber Threats Are Influencing Your Offensive Security Investment?

Of all cyber threats most pertinent to enterprises, ransomware ranks as the top cyber threat (41%) driving offensive security investments, followed by social engineering (40%) and cloud vulnerabilities (39%). Because of their investments, 52% of respondents say offensive security testing helps their organizations harden their defenses against these threats.

Goals & Objectives for Offensive Security Testing

TESTING GOALS & OBJECTIVES

Which Goals or Objectives Are You Trying to Achieve with Offensive Security Testing?

The findings highlight that mature security enterprises aim to achieve the following goals and objectives with offensive security testing: improving zero-day response (42%), meeting compliance and regulatory requirements (42%) and enhancing visibility into attack surface exposures (40%).

Satisfaction Scale of Offensive Security Testing Addressing Objectives

SATISFACTION SCALE

Has Offensive Security Testing Effectively Satisfied Your Objectives?

The research reveals that a significant majority of respondents (64%) agree or strongly agree to have obtained tangible benefits and successfully achieved their security and governance goals and objectives through the implementation of offensive security measures.
Preview of the Ponemon Institute Report for the Financial Services industry.

Offensive Security Analysis

Industry Report: Financial Services

Bishop Fox's industry cut provides a comprehensive analysis of offensive security trends within the financial services (FinServ) sector based on the joint report with the Ponemon Institute. 

The results included are based on the responses from 133 participants who represent FinServ organizations – representing 20% of the total sample.

Download

Related Resources

Hone Your Offensive Strategy with More Data Insights

Dive into more research from our Bishop Fox experts to better understand the minds of modern adversaries, how to approach Red Teaming, and much more.

Get the Blueprint Ponemon Institute webcast with headshots of Larry Ponemon and Tom Eston.
Webcast

Get the Blueprint: Insights from Ponemon Institute’s 2023 State of Offensive Security Study

Hear from experts Larry Ponemon & Tom Eston, as they reveal our findings from a joint report with the Ponemon Institute on the 'State of Offensive Security' in 2023.

Learn More
Cover page of the SANS Report Hacker Survey 2022
Report

SANS Institute: Inside the Minds & Methods of Modern Adversaries

This inaugural report, in partnership with Bishop Fox, surveyed 280 ethical hackers to understand how adversaries think about the attack surfaces that they seek to exploit.

Learn More
Ponemon report on offensive security for Financial Services title with preview of the guide.
Report

The Offensive Security Blueprint for Financial Services

Bishop Fox's Financial Services industry cut provides a comprehensive analysis of offensive security trends within financial services, using industry data gathered from our joint research report with the Ponemon Institute.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.