Pentera's Report on the State of Pentesting in the UK Reveals Rapid Shift to Software-Based Security Validation
British enterprises are adopting an adversarial mindset and embracing software-based pentesting platforms to identify real risk and prioritise security efforts more effectively
LONDON, Sept. 10, 2025 /PRNewswire/ -- Pentera, the market leader in automated security validation, announced the release of its State of Pentesting 2025 – United Kingdom report, part of its fourth annual survey series. This report draws from the responses of 100 UK CISOs and senior security executives, as part of a broader global sample of 500 CISOs, to provide a data-driven view into the current state of security validation practices, budget priorities, and the growing momentum toward proactive, risk-based testing strategies in the UK.
Unthinkable a decade ago, today 61% of UK enterprises utilize software-based pentesting to support their in-house testing programmes. Even more notably, 40% of UK CISOs cite software-based testing as their primary method for uncovering exploitable security gaps. These findings reflect a wider shift toward scalable, adversarial testing approaches capable of validating the entire attack surface continuously and safely.
Key findings from the report include:
- 75% of UK enterprises experienced a breach in the past 24 months – Of those, 76% reported a significant impact, including 35% citing unplanned downtime, 24% reporting financial loss, and many experiencing compromise to data confidentiality or availability.
- Pentesting represents a substantial portion of the IT security budget – UK enterprises spend an average of £158,000 annually on pentesting, representing 12% of their total IT security budgets, which average £1.32 million.
- Cyber insurance providers are influencing tool adoption – 48% of UK organisations implemented at least one cybersecurity solution at the direct request of their insurance provider, and 41% received specific solution recommendations.
"The pace of change in enterprise environments has made traditional testing methods unsustainable," said Amitai Ratzon, CEO of Pentera. "In the UK, 97% of enterprises report making changes to their IT environments at least quarterly. Without automation and technology-driven validation, it's nearly impossible to keep up. This annual State of Pentesting report highlights the urgent need for scalable validation strategies that match the complexity and velocity of today's enterprise infrastructure."
The survey data was collected in January 2025 as part of Pentera's global State of Pentesting 2025 study, conducted by independent research firm Global Surveyz.
To register for our upcoming webinar for our UK findings please click here.
[Click here to access the full UK report.]
About Pentera
Pentera is the market leader in Automated Security Validation, empowering companies to proactively test all their cybersecurity controls against the latest cyberattacks. Pentera identifies true risk across the entire attack surface, guiding remediation to effectively reduce exposure. The company's security validation capabilities are essential for Continuous Threat Exposure Management (CTEM) operations. Thousands of security professionals around the world trust Pentera to close security gaps before threat actors can exploit them.
For more information, visit: www.pentera.io
Media Contact for Pentera
Noam Hirsch
Senior PR Manager
[email protected]
SOURCE Pentera
Share this article