Synack, the most trusted crowdsourced security testing platform for Fortune 500 and Global 2000 companies and government agencies, released a new report Wednesday detailing a major cultural shift taking place among some of the world’s largest organizations and institutions. The 2020 State of Compliance and Security Testing Report reveals that a large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance. As part of this shift toward continuous testing, organizations are using crowdsourced security testing to achieve both regulatory compliance and real security, with adoption expected to increase four-fold in 2020.
With new compliance frameworks such as GDPR and CCPA drastically increasing the cost of a breach, organizations are racing to protect their data. In an increasingly connected, highly regulated and digital world, business leaders and decision makers are turning to outside vendors that can ramp up quickly in a cost-effective manner. As a result, the crowdsourced security testing space, which has already gained credibility for its significantly better ROI than more traditional, less frequent, and less secure methods, has surpassed all estimates and will continue to do so in 2020 and beyond.
“The rapid embrace of crowdsourced security testing has happened because it is proven to work better than traditional security testing methods and addresses the ever-growing talent gap within organizations,” said Synack CTO and co-founder Mark Kuhr.
The growth in crowdsourced security testing can be attributed to two major trends. The first: rapid development cycles. “Today’s security teams have shorter development cycles and dynamic environments that require rapid deployment and a continuous approach to security testing,” explains Kuhr. This explains the shift towards continuous, crowdsourced security testing for compliance purposes.
“Although we are seeing a move toward a 24/7, 365 security culture at organizations in a wide variety of industries and geographies, there is still ample room for improvement,” said Aisling MacRunnels, Synack’s CMO. “Our survey found that on average, most security tests are lasting just 20 hours. As the number of cyber incidents continues to increase, it will be imperative for decision makers to implement security testing solutions on a continuous basis with 1500-2000 hours of testing a year.”
Secondly, organizations are looking to crowdsourced security due to tremendous pressure from boards and regulators to remain compliant and secure. Regulatory frameworks and best practices mentioned in the report, including GDPR and HIPAA, increasingly require or recommend an annual or more frequent audit that includes penetration testing. The advent of trusted and structured crowdsourced penetration testing solutions builds on that trend by combining the very best of human intelligence with artificial intelligence on a continuous cadence.
“This shift toward continuous crowdsourced security testing will allow organizations and institutions to have the best of both worlds by procuring technology that offers efficient and effective results while fulfilling best practice standards such as NIST 800-53 to meet compliance objectives,” said Kuhr.
For the report, Synack surveyed leaders from more than 300 organizations representing a number of industries and verticals, including technology, government, healthcare, information technology, and financial services. In addition to helping identify a set of security and compliance best practices for a diverse set of industries, the report found that security testing is becoming part of an organization’s normal routine rather than a once-a-year, check-the-box exercise focused only on compliance. 44% of organizations and institutions surveyed perform security tests on a monthly or weekly basis, which suggests they are moving toward the more effective continuous model that crowdsourced solutions enable.
Other key findings include:
- 63% of organizations agree that the most common use case for external vendors is to identify and reduce vulnerabilities, which is encouraged by different compliance frameworks and best practice standards
- 52% of organizations experience unwanted cost and complexity due to overlap in functionality from using multiple security vendors, which is caused by poor budget allocation and overlap in vendor capabilities
- 32% of compliance testing processes are expensive and difficult to scale, yet crowdsourced security testing solutions provide 147% higher ROI than a typical pen test and may decrease the burden of testing on organizations by improving the signal-to-noise ratio of findings
To download a copy of The 2020 State of Compliance and Security Testing Report and to learn more about how crowdsourced ethical human hacking augmented by artificial intelligence is changing how the world’s largest organizations and institutions view security and compliance testing, please visit synack.com.
Synack, the most trusted crowdsourced security platform, delivers continuous and scalable penetration testing with actionable results. The company combines the world’s most skilled and trusted ethical hackers with AI-enabled technology to create an efficient and effective security solution. Headquartered in Silicon Valley with regional offices around the world, Synack protects leading global banks, federal agencies, DoD classified assets, and close to $1 trillion in Fortune 500 revenue. Synack was founded in 2013 by former US Department of Defense hackers Jay Kaplan, CEO, and Dr. Mark Kuhr, CTO. For more information, please visit www.synack.com.