![](https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2022/10/cyber-security-3400555_1920-TheDigitalArtist-Pixabay.jpeg)
Penetration testing-as-a-service company Cobalt Labs Inc. detailed in a new report today the impact of budget cuts and talent shortages in the cybersecurity industry, and it’s not good news: Cyber teams are struggling to manage the remediation process and monitor for vulnerabilities.
Cobalt’s fifth annual State of Pentesting Report found that budget cuts and talent shortages are leaving organizations at a higher risk of security breaches. Macroeconomic shifts were found to be affecting organizations’ security standards across the U.S., Europe, the Middle East and Africa.
Job cuts in cybersecurity were not found to be evenly distributed, with more than half (63%) of U.S. cybersecurity professionals reporting that their department’s budget had been cut in 2023, compared with only 28% of their EMEA counterparts. Two-thirds of U.S. companies and 61% in EMEA were also found to have slowed down recruitment for cybersecurity staff.
A reduction in staff numbers and replacements was also found to be causing “cybersecurity burnout” that could push workers to quit. Of those who have encountered layoffs or budget cuts, almost all — 95% in the U.S. and 84% in EMEA — said their roles had changed in the last year. More than 60% of cybersecurity professionals in the U.S. and 29% in EMEA said that, as a consequence, they are feeling burned out.
Half of U.S. respondents and 20% in EMEA said they would consider quitting their jobs if their organizations did not address their burnout.
Lack of staff equals lack of attention, with 79% of U.S. cybersecurity professionals and 66% in EMEA admitting to deprioritizing responsibilities, leading to a backlog of unaddressed vulnerabilities. Close to three-quarters in the U.S. and 58% in EMEA said they now struggle to monitor and respond to vulnerabilities.
Other findings in the report include server security misconfigurations cited as the most commonly discovered security vulnerability at 40%, followed by cross-site scripting at 12%, sensitive data exposure at 10%, broken access control also at 10%, and authentication and sessions at 9%.
Alongside the report, Cobalt has released a new Pentest Management Platform to increase the efficiency and quality of pentesting programs. The platform enables in-house security teams, managed service providers and outsourced security teams to cover the entire lifecycle of a pentest, from planning, launching and collaborating on tests to writing reports, tracking vulnerabilities and making remediation efforts.