Most organizations are not proactive about security testing – report

According to the study, one in five of businesses surveyed for the report admitted they do not do any security testing, despite the fact that 95% of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities.

Among those that do conduct security testing, 66% do so only monthly or less frequently, and most do not perform regular security testing after every infrastructure change.

Both security testing and reviews of these tests are not commonplace: only 5% perform detailed reviews of security testing to assess vulnerabilities on a daily basis and only 24% do so weekly or multiple times during the week.

Meanwhile, 25% of the organizations surveyed perform these reviews only quarterly or annually, and 20% do so only when they perceive the need, creating a situation where businesses are simply guessing when to test their systems.
95% of survey respondents reported encountering one of the dozen common security issues associated with security vulnerabilities that were listed in the survey.

Osterman Research conducted this survey in July 2016 with 126 members of its survey panel. In order to qualify for the survey, respondents had to be knowledgeable about and/or responsible for security testing in their organizations.