In the recently released 2025 State of Pentesting report, Pentera surveyed 500 CISOs from global enterprises (200 from the US) to understand the strategies, tactics and tools they use to handle the thousands of security alerts, persistent breaches and growing cyber crises they face. The resulting data shows a complex picture of progress, problems and a shift in how enterprises approach security testing.
More tools, more data, greater protection… without guarantees
Over the past year, 45% of enterprises have expanded their security technology stacks, and organizations now manage an average of 75 different security solutions.
But despite these layers of security tools, 67% of US enterprises have experienced a breach over the last 24 months. The growing number of deployed tools has several effects on daily operations and on the organization's overall cyber posture.
Although it may seem obvious, the results tell a clear story: more security tools mean a better security posture. However, there is no silver bullet. Among organizations with fewer than 50 security tools, 93% reported a breach. This percentage declines steadily as the stack grows, falling to 61% among those that use more than 100 tools.
Alert fatigue
The flip side of large security stacks is that CISOs and their teams have to contend with much more information. Enterprises that manage more than 75 security solutions now face an average of 2,000 alerts a week, double that of organizations with smaller stacks, and those with more than 100 tools receive more than 3,000 (3 times as many alerts).
This, in turn, puts a much greater emphasis on effective prioritization; otherwise critical threats can be buried in a sea of alerts. In these circumstances, when alert volume is high and time for triage is short, organizations benefit most if they can frequently test for exploitable gaps, so that they know which problems really matter before attackers find them first.
Software-based pentesting gains ground
Trust in software-based security testing is growing rapidly. Only 5-10 years ago, many enterprises would never have allowed automated tools to run pentests in their environments, fearing they would cause outages, but attitudes are changing.
As CISOs continue to recognize the benefits of software in scaling adversarial testing and keeping up with constantly changing IT environments, software-based pentesting is becoming the standard. More than half of enterprises now use these tools to support in-house testing, driven by trust in their reliability and the need for a scalable, continuous validation strategy. Today, 50% of CISOs cite software-based pentesting solutions as their primary discovery method.
Insurance providers become unexpected influencers
In addition to internal leadership and boards of directors, a surprising new force is shaping security strategy: cyber insurance providers. 59% of CISOs acknowledged that, as a result of their cyber insurer, they implemented at least one cybersecurity solution they had not previously considered. This is a clear sign that insurers are not just pricing risk; they are actively dictating how it is reduced and shaping enterprise security priorities in the process.
Low confidence in government support
While government agencies such as CISA (in the USA) and ENISA (EU) play an important role in threat visibility and coordination, confidence in government cybersecurity support is surprisingly low.
Only 14% of CISOs believe the government adequately supports the private sector's cybersecurity challenges, and 64% believe the government's efforts, although acknowledged, are insufficient. 22% believe they cannot count on the government for cybersecurity help at all.
Sign up for the webinar on May 27, 2025, where senior security analysts will discuss the key findings. Alternatively, get the full 2025 State of Pentesting report and see all the insights for yourself!
Note: This article was written and contributed by Jay Mar Tan, Field CISO at Pentera.