64% of organizations fail to continuously assess vendor and supplier security after onboarding.

Financial companies have a lower rate of serious findings (11%) in pentests.

Large organisations resolve only 60% of serious pentest findings.

Larger organisations take over a month longer (61 days) than smaller ones (27 days) to resolve serious findings in pentests.

The rate for serious findings in pentests being resolved in each calendar year remains stuck at just 55%.

15% of organisations resolve 10% or less of their serious findings in pentests.

The proportion of serious findings in pentests has also declined by about half (from 20% to 11%) over 10 years.

Small companies lead with 81% of serious findings in pentests resolved.

57% of organisations resolve at least 90% of their serious findings in pentests.