Hacking Statistics Illustrate the Need for Penetration Testing

The shocking reality of cyber-security for businesses is that the chances that your business will eventually be hacked are high. Companies have two choices: safeguard their business through the use of penetration testing from a cybersecurity agency, or be hacked and then have to hire an agency to clean up the mess, which is what typically happens.

According to the latest cyber-security statistics, your business has likely been compromised already and your personal information has definitely been compromised; however, you may not know it.

On the surface, penetration testing is exactly what it sounds like. Cyber-security agencies will use penetration testing to penetrate the security of your software, network, and financial systems in order to provide a detailed analysis of vulnerabilities and recommend a plan of action for securing them from potential breaches from black hat hackers.

Black hat hackers don’t always use the data they collect maliciously; some will simply sell the data to other companies who are interested. The following is a 10-month sample of major hacks in 2015, categorized by industry.

Banking and Finance:

Morgan Stanley, Carbanak, Experian and Scottrade lost the data of roughly 50 million users combined; global estimated losses are in the billions. Only 5.3% of cyberattacks against financial institutions are successful, but that is because the financial sector was full of early adopters of penetration testing and cybersecurity.


Anthem, Inc., Premera Blue Cross, CareFirst BlueCross BlueShield, Beacon Health System, UCLA Health, Medical Informatics Engineering, and Excellus BlueCross BlueShield lost the data of over 110 million patients and employees combined. A total of 38.9% of all successful cyberattacks in 2015 were against medical institutions, the highest rate out of all industries.

This is just the effect of the data leak; medical centers have been paying hackers to regain control of hospital networks after ransomware attacks. Last year, 179,209 computers and networks were exploited by ransomware. Medical centers spend less than 10% of their total IT budget on cybersecurity, a figure that is sure to rise after the onslaught of ransomware attacks that plagued the U.S. early in 2016. Serious penetration testing done by white-hat hackers at cyber-security agencies is on the horizon for medical centers.


Ashley Madison, Adult Friend Finder, WhatsApp, and GoDaddy lost the data of over 40 million users combined. Online services comprise 35.1% of all successful cyberattacks, both personal and corporate.

In 2015, United States businesses lost an estimated combined $525 million, while the global losses are likely in the high billions, all because of cybercrime.

The use of cyber-security agencies has increased to the point where the industry is raking in over $1 trillion each year, a number that will continue to increase as more and more hackers penetrate the systems of major corporations, major financial institutions, and even leading government organizations. ERMProtect is a cyber-security agency that handles the security of over 270 businesses and organizations, penetrating systems and securing them in order to prevent malware, informational compromises, and financial system breaches.
