ESG research: Organizations pursue penetration testing and/or red teaming at least once a year for the following reasons. 75% of organizations say they have a duration of two weeks or less, but this short timeframe produces useful results and benefits. Organizations use these exercises to find/fix vulnerabilities, review risk status with executives, use the results to reassess IT and security priorities, and determine where they need to hire/or train employees. The output of penetration testing/red teaming is often highly technical. Its also critical to assess defenses against new and evolving attacks. Testing results from Q1 are ancient history in Q3.”]
Source: https://www.csoonline.com/article/3387616/the-case-for-continuous-automated-security-validation.html