The scalability of penetration testing was analyzed in a recent survey by Synack. Half of the survey respondents reported it was more difficult to manage their attack surface today than it was a year ago, whether because of third-party risk, data complexity or increasing attacker sophistication.
Fifty-eight percent of enterprises said detecting vulnerabilities is getting more difficult as their attack surface increases in complexity, size and rate of change. Organizations reported pentesting currently covers 47% of business-critical apps.
Sixty-percent of respondents reported finding it difficult to test frequently enough to keep up with the pace of application development, with three in four saying it’s likely they will consider platform-based testing solutions like Penetration Testing as a Service (PTaaS).
Thirty-two percent of respondents said they use pentesting to improve overall security strategies and posture. Most either reported using pentesting for compliance or to achieve tactical objectives like finding and fixing vulnerabilities.
https://www.securitymagazine.com/articles/100774-58-of-organizations-found-it-harder-to-detect-vulnerability