The investment potential of pentesting and information security
Looking back over the last decade, the increase in cybercrimes has propelled information security from a nice-to-have to an essential part of every business that handles large sets of customer data. It has also flourished into an industry ripe with opportunities for VC investment and corporate innovation initiatives.
Between 2015 and 2021, the information security market was estimated to have a compound annual growth rate (CAGR) of 8% to reach a cap of $133 billion. By 2026, that CAGR is estimated to reach 11%, capping at $267.3 billion. In contrast, it is estimated that cybercrimes will cost the world $10.5 trillion annually by 2025.
While several technologies are housed within information security, in this article we will look at one technology in particular—pentesting. To help us define pentesting and showcase its innovation and investment potential, we reached out to our friends at Cobalt, the developers of a premier Pentest as a Service (PtaaS) platform.
What is Pentesting?
According to our friends at Cobalt, Penetration Testing, or Pentesting, is actively testing an organization’s “people, technology, and processes” using the same Tactics, Techniques, and Procedures (TTPs) that a real-world attacker would.
There are many types of pentesting, depending on what the organization is looking to test. It is part of what is referred to within the industry as offensive security testing. One of the more standard offensive security types is network penetration testing, which encompasses an organization's internal, external, and wireless networks. Another is Web Application and API testing, which tests an organization's application security and API endpoints.
Cobalt went on to inform us that an organization’s security program maturity will ultimately decide what mix of offensive security testing should be completed annually.
Recent Innovations in Pentesting
Penetration Testing is always changing due to new technologies and changes to infrastructure. If you are looking to discover potential startup opportunities in pentesting and information security, here are a couple of key technologies that you can search for in our platform:
Zero Trust Architecture is an enterprise cybersecurity architecture based on zero trust principles and designed to prevent data breaches and limit internal lateral movement. According to Cobalt, this model is becoming more widely accepted, and we have seen a significant rise in listed startups on our platform that are operating with this technology.
Security Orchestration, Automation, and Response (SOAR) refers to a collection of software solutions and tools that allow organizations to streamline security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.
Where are there investment opportunities?
All you have to do is look around and you will see that we are surrounded by information and data, so one might argue that there is potential for growth and investment in all aspects of information security—and pentesting in particular.
Operational Technologies (OT) such as SCADA and Industrial Control Systems (ICS) remain hot targets for attackers, as we have seen in the news recently. However, due to the growth of Internet of Things (IoT) devices, pentesting technologies and services are poised to be increasingly essential to the annual security effort of all industries.
The MedTech and mHealth industries are rapidly growing, and devices ranging from medical kiosks to body scanners are becoming more ubiquitous. The consumer industry is always flush with the potential for breach of valuable customer data. The number of connected IoT devices nearly tripled from 2015 to 2022, and there is no sign of slowing down.