The State of Pentesting in 2025: Why AI-driven security verification is a strategic priority now

Pentera’s 2025 State of Pentesting Survey Report paints a striking picture of a besieged cybersecurity landscape that is changing rapidly. It’s not just a story about defending digital boundaries; it’s a blueprint for how businesses can change their security approach in response to automation, AI-based tools, and the relentless pressure of real-world threats.
Security stacks are larger, but the vulnerability remains
Despite deploying increasingly complex security stacks, 67% of U.S. businesses reported suffering a breach over the past 24 months. These were not minor incidents either: 76% reported a direct impact on the confidentiality, integrity or availability of their data, 36% experienced unplanned downtime, and 28% faced financial losses.
The correlation is obvious: as the complexity of the stack increases, so do alerts and vulnerabilities. Businesses using over 100 security tools see an average of 3,074 alerts per week, while businesses using 76-100 tools see 2,048 alerts per week.
Such an avalanche of data often overwhelms security teams, delaying response times and allowing real threats to slip through the cracks.
Cybersecurity insurance is shaping technology adoption
Cyber insurers have become an unexpected driver of cybersecurity innovation. 59% of U.S. businesses implemented new security tools specifically at the request of their insurers, while 93% of CISOs reported that insurers influenced their security posture. In many cases, these recommendations go beyond compliance – they shape technology strategy.
Software-based pentesting
Manual pentesting is no longer the default. More than 55% of organizations now rely on software-based pentesting in their in-house programs, and another 49% use third-party providers. By comparison, only 17% still rely entirely on in-house manual testing.
The transition to automated adversary testing reflects a broader trend: in an era of evolving threats, scalable, repeatable and real-time verification is needed. These automation platforms simulate attacks, from fileless malware to privilege escalation, allowing enterprises to continuously evaluate their resilience without disruption.
Security budgets are growing – fast
Security is not cheap, but organizations are prioritizing it. The average annual pentesting budget is $187,000, accounting for 10.5% of total IT security spending. Larger businesses (more than 10,000 employees) spend more, with an average of $216,000 per year.
In 2025, 50% of businesses plan to increase their pentesting budgets, while 47.5% expect to increase their overall security spending. Only 10% expect investment to decrease. These figures highlight the elevation of security from operational necessity to board-level priority.
Security testing is still catching up
It’s a shocking disconnect: 96% of businesses report changes to their infrastructure at least quarterly, but only 30% pentest at the same frequency. The result? New vulnerabilities slip through in untested changes, extending the attack surface with each software push or configuration update.
Among large enterprises with more than 10,000 employees, only 13% perform quarterly pentests. Meanwhile, nearly half still test only annually, a dangerous lag in today’s dynamic threat environment.
More risk-aligned than ever
Encouragingly, security leaders are focusing their tests where breaches actually occur. Nearly 57% prioritize web-facing assets, followed by internal servers, APIs, cloud infrastructure and IoT devices. This alignment reflects a growing awareness that attackers do not discriminate – they exploit any available vulnerability across the attack surface.
APIs in particular have become a high priority for both attackers and defenders. These interfaces are increasingly important for business operations, but they often lack the visibility and standardized monitoring that their maturing development calls for.
Pentest results
Pentest reports are no longer shelved. Instead, 62% of businesses immediately pass the findings on for remediation prioritization, while 47% share them with senior management and 21% report them directly to their board of directors or regulators.
This shift to action reflects a deeper integration of pentesting into strategic risk management, rather than a compliance checkbox. Security verification is becoming part of the business conversation.
What hinders faster progress?
Although the trend line is positive, key inhibitors remain. According to the World Economic Forum, the top two hurdles for pentesting are budget constraints (44%) and a lack of available pentesters (48%) – the latter reflects a shortage of 4 million cybersecurity professionals worldwide.
Operational risk, such as the fear of interruptions during testing, remains a concern for 30% of CISOs.
From compliance obligation to strategic weapon
Pentesting has developed far beyond its origins as a regulatory requirement. Today, it supports strategic initiatives, including M&A due diligence and executive-level decision-making. Nearly one-third of respondents now cite “perform tasks” and “prepare for mergers and acquisitions” as key reasons for pentesting.
This marks a fundamental shift: from reactive checks to proactive, continuous measurement of cyber resilience.
Final thoughts
The 2025 State of Pentesting Survey Report is not just a status update, but a wake-up call. As attack surfaces grow and threat actors become more sophisticated, organizations can no longer afford slow, manual or siloed security testing methods. AI-based, software-based pentesting is stepping in to close the gap with speed, scale and insight.
Organizations that thrive in this new era will be those that view security verification as both a technical necessity and a strategic priority.
For more insights, download Pentera’s full 2025 State of Pentesting Survey Report.