Summary: The State of Pentesting Report 2025 reveals significant gaps in cybersecurity, particularly in vulnerability management and the swift integration of generative AI without adequate security measures. Despite 81% of organizations claiming robust cybersecurity postures, actual remediation rates of vulnerabilities remain alarmingly low. The report emphasizes the urgent need for programmatic pentesting to effectively manage risks and protect against emerging threats.
Affected: Organizations across various sectors, particularly in technology and cybersecurity
Keypoints:
- 81% of organizations rate their cybersecurity posture as strong, yet only 48% of vulnerabilities from pentests are resolved.
- Organizations take a median of 67 days to resolve vulnerabilities, far exceeding the SLA target of 14 days.
- 32% of vulnerabilities related to large language models (LLMs) are deemed high-risk, with only 21% remediated.
- Smaller businesses outperform larger ones, resolving 81% of serious findings compared to 60% for larger enterprises.
- Critical sectors like utilities and healthcare are lagging in vulnerability resolution, emphasizing the need for urgent attention and remediation strategies.
- Pentesting must transition from a compliance check to a strategic tool for continuous risk reduction.
Source: https://thecyberexpress.com/state-of-pentesting-report-2025/