Report by BreachLock
2025 Penetration Testing Intelligence Report
Key Findings
APIs in technology & SaaS providers' environments saw a 400% spike in critical vulnerabilities.
70% of vulnerabilities detected in healthcare systems were categorised as Medium- and High-severity issues.
Broken Access Control accounted for 32% of high-severity findings across 4,200+ pen tests, making it the most prevalent and critical vulnerability.
Approximately 40% of financial firms have increased their penetration testing frequency to quarterly or continuous testing.
Cloud misconfigurations and excessive-permission vulnerabilities were found in 42% of cloud environments that were pen tested.
Nearly 7 in 10 retail & consumer goods organizations had APIs with misconfigured authorizations or data exposure issues. These retail & consumer goods APIs averaged 15 vulnerabilities per API.