In 2024, Sprocket Security surveyed 200 penetration testers in our Voice of an In-House Pentester report, detailing the current state of pentesting and looking at offensive security’s trajectory for 2025. As we close the first month of the new year, what should organizations be looking forward to?

Last year, a whopping 52% of pentesters surveyed told us that they expect their organization’s penetration testing budget to increase—and not just by a little. 28% of those predicting a budget increase said that their organization will be allocating 26%-50% more toward penetration testing in 2025.

So, what is driving this change? What challenges do pentesters face that are impacting budgets?

Key Drivers


1. The Cybersecurity Landscape Is Constantly Evolving

With new threats emerging every day with increasing complexity, cybersecurity is an ever-fluid field. Organizations need to match that fluidity—by investing in offensive security, they are setting themselves up to stay ahead of threats and trends.

2. Organizations Are Recognizing the Need for Proactivity

Don’t be a sitting duck. Playing defense with an antivirus or firewall isn't enough—organizations are realizing that investing in offensive security strategies is key to proactively understanding their attack surface, finding vulnerabilities, and strengthening their defenses before attackers even have the chance to exploit them. An emerging framework that’s been making waves is CTEM: Continuous Threat Exposure Management. With this framework, proactivity is what it’s all about.

3. Hackers Hurt the Wallet

A breach isn’t just costly—it can be devastating. Offensive security isn’t only about avoiding disaster, but about investing in peace of mind. The upfront cost of proactive, continuous testing pales in comparison to the financial and reputational hit of being exploited. Organizations understand this risk and are adjusting their budgets accordingly.

4. Attack Surfaces Change More Than Once Yearly

With traditional pentesting, organizations are analyzing their attack surface only periodically, sometimes once a year. But here’s the thing—every time new code is added, new employees are onboarded, or anything changes in an organization’s IT infrastructure, that attack surface changes. An assessment done in February won’t pick up vulnerabilities emerging in July. Continuous testing avoids this by analyzing your attack surface as new vulnerabilities emerge—catching them before hackers can. Increasing the budget to allocate for this continuous approach is crucial.

5. Regulatory Compliance Is Top of Mind

As hackers evolve, so do compliance standards. Stricter data privacy laws mean that organizations are having to validate their security measures more frequently, pushing organizations to allocate more of their budget toward pentesting.

Challenges of Ethical Hacking and a Budget’s Impact


In our survey, we asked pentesters what current challenges they are facing. Unsurprisingly, one of the top issues raised was an inadequate budget. In fact, 34% of those surveyed said that budget restrictions impacted their work. But how?

1. Limited Scope of Testing

39% of those surveyed said that limiting testing scope was the biggest challenge they face. While organizations recognize the value of offensive security, tight budgets can impact the quality of assessment being done by limiting the frequency, depth, and scope of these tests. This leaves potential vulnerabilities unaddressed, as testers may be unable to dig deeper than the surface level. Expanding the scope requires an increased budget but ultimately provides a more accurate understanding of vulnerabilities.

2. Rapidly Evolving Threat Landscape

As the threat landscape changes and gets ever more complicated, ethical hackers must work to stay up to date, as evidenced by the 36% who reported this to be a top factor that impacts their work. This requires constant learning, specialized tools, and updated methodologies. Failing to allocate funds to address emerging threats can leave organizations exposed.

3. Lack of Skilled Personnel

The cybersecurity talent gap is well-documented, and hiring or training skilled pentesters is expensive. Budget constraints can make it difficult to hire and train top talent, leading to smaller and less effective teams. When teams are underqualified or overworked, it increases the risk of vulnerabilities being exploited—and 34% of surveyed pentesters agree.

4. Insufficient Tools and Resources

Effective penetration testing requires advanced tools to simulate real-world attacks and uncover hidden vulnerabilities, but they require some investment. Without allocating budget to the most up-to-date and effective tools, these simulations can only accomplish so much. 20% of those surveyed indicated that investing in modern solutions may increase upfront costs but ultimately can significantly enhance the depth and accuracy of penetration testing.

Ready to Strengthen Your Offensive Security?

Don’t wait for hackers to find your weaknesses—take control of your attack surface with proactive solutions. Check out our full Voice of an In-House Pentester report to hear from expert pentesters about the need for offensive security and so much more.
