70 percent of organizations perform penetration tests as a way to measure their security posture and 69 percent to prevent breaches. Only 38 percent test more than half of their attack surface annually. The research shows that when using penetration testing as a security practice organizations lack visibility over their internet-exposed assets, resulting in blind spots that are vulnerable to exploits and compromise. It’s common for organizations with 3,000 employees or more to have upwards of 10,000 internet-connected assets, however 36 percent of survey respondents said that only 100 or fewer assets are covered by pen tests.
Source: https://www.helpnetsecurity.com/2021/04/29/penetration-testing-blind-spots/