Study: only 4% of companies have no serious cyber risks.

      As the study showed, 60% of companies have high- and critical-level vulnerabilities. The high-level category includes defects in authentication systems that allow bypassing defenses, weaknesses in web applications with a risk of data leakage, and problems in the configuration of network services that create additional attack vectors. Critical-level flaws can lead to the takeover of domain controllers with acquisition of full administrative privileges to the corporate infrastructure and unauthorized access to confidential data.

      In 36% of cases medium-level vulnerabilities were identified; these do not provide full control over the system, but they can become an important link in the attack chain and compromise more protected components of the infrastructure. Only 4% of companies have no serious security gaps. Pentests were conducted among companies from various industries and sectors: 60% in the power industry, IT and manufacturing, 20% in the financial sector, and 8% each in real estate, advertising and media, and retail.

      Penetration testing (pentest) is a safe way to assess the security of an organization’s information systems by simulating the actions of attackers. During testing, specialists analyze external and internal networks, check web applications and mobile services, assess resilience to social engineering attacks, and test authentication systems. As a result, businesses receive a detailed report describing the vulnerabilities found and step-by-step recommendations for their remediation and prevention.

      Of all types of pentests, external testing remains the most in demand: since the beginning of this year demand for it has grown by 48% compared with figures for all of 2024. In second place are compliance projects (analysis of systems’ conformity with regulators’ requirements, regulatory documents and industry standards). Their number increased by 75% over the same period. The largest increase (more than 100%) was shown by incident investigation services for breaches that have already occurred; however, such work accounts for only 4% of the total volume.

      Demand for pentests is growing annually by about 30%, but the market has now reached record levels. According to experts’ estimates, by the end of 2025 their number will double compared with last year, which is explained by the rise in the number of cyberattacks, including the use of new threats and methods, as well as tightening regulatory requirements (introduction of new standards and increased liability).

      “The results of our study show that only 32% of the companies tested have a high level of protection against cyberattacks. Another 23% have a medium level of security, and the remaining 45% have a low level. Conducting pentests is only the first step toward building an effective cybersecurity system. By analyzing the results of such comprehensive testing, a company can identify weak spots in its infrastructure and understand how to properly build its defenses,” notes MegaFon’s Director of Corporate Business Development Natalya Taldykina.

Most Russian businesses have high- and critical-severity flaws in the security of their information systems. This is the conclusion MegaFon specialists reached after analyzing the results of penetration tests the mobile operator conducted in 2025.