Attacks evolve too quickly for businesses to maintain truly resilient security
As organizations embrace digital transformation and AI, security teams face mounting pressure to defend an ever-expanding attack surface, according to a new report.
The research from Cobalt suggests traditional reactive security measures cannot keep pace with modern threats, particularly when adversaries leverage automation and AI to scale their attacks. 60 percent of respondents believe attackers are evolving too quickly for them to maintain a truly resilient security posture.
Third-party software components, open-source dependencies, and emerging AI-driven capabilities also introduce unseen vulnerabilities that can have cascading effects across the enterprise. These risks underscore the urgent need for proactive offensive testing and continuous visibility across the digital supply chain.
Among the findings, 68 percent of security leaders are concerned about the risks of third-party software tools and components introduced across their tech stacks. 73 percent have reported receiving at least one notification of a software supply chain vulnerability or incident in the past year.
In addition, 46 percent are uneasy about AI-driven features and large language models, while 68 percent say their boards now view the secure deployment of genAI as a critical priority. 55 percent of security leaders say they’re constantly worried one employee mistake could put the whole organization at risk.
“Security leaders understand that attackers are evolving at an unprecedented pace, and defensive strategies alone won’t cut it,” says Andrew Obadiaru, CISO at Cobalt. “Our research shows a growing demand for offensive security to complement traditional controls. This isn’t just about finding gaps — it’s about building a culture of continuous resilience where security is tested as rigorously as the threats we face.”
The report also highlights the growing role of penetration testing in security strategies. Nearly nine in 10 security leaders (88 percent) view pentesting as an essential component of their overall program. 58 percent of respondents require third-party pentest reports to validate software security, while 55 percent conduct independent code reviews and 53 percent supplement these efforts with internal testing.
You can read more on the Cobalt blog.