Cybersecurity Report: Expert Urges Organisations to Embrace Offensive Security
- Organizations are encouraged to adopt offensive security methods such as continuous, autonomous pentesting, as annual audits create prolonged gaps in visibility and protection.
- New Horizon3.ai survey finds 49% of organizations test once a year or less. Experts warn that only a continuous risk assessment approach can keep pace with fast-evolving, AI-driven threats.
Dubai, 21 January 2026 – Continuous penetration testing – the self-assessment of a company’s IT infrastructure to validate its cyber resilience – must now become standard practice for organizations operating in today’s threat landscape, says Tamer Odeh, Middle East and Africa Regional Lead at security company Horizon3.ai. He warns that annual or infrequent tests create dangerous visibility gaps as both weaknesses and threats evolve at high speed.
His call to action follows the company’s 2025/26 Cybersecurity Survey, which reveals that although 80% of respondents conduct some form of penetration testing, only 21% use an automated tool or platform, and 49% test just once a year or even less frequently.
Tamer Odeh explained: “You only know how resilient an IT network really is to cyberattacks if you actively put it to the test. Only penetration tests can determine whether an organization is actually protected against cyber attacks. Ideally, the networks and systems that matter most should be tested continuously—automated where possible—so boards see consistent progress rather than irregular snapshots.”
The survey of 150 organisations across multiple sectors also highlights the urgency of the matter: 66% reported a cyber breach or attack in the past two years; 22% faced a single incident, 25% reported two, and 38% experienced three or more.
Tamer Odeh added: “Many organizations rely on dozens of cyber defence tools, assuming they are fully protected against attacks. But you can’t trust that everything will work perfectly without active testing. The best way to test for risk is to safely attack yourself using the same TTPs adversaries use. That is precisely what Horizon3.ai’s Offensive Security Platform enables—revealing what is exploitable, not just what appears vulnerable.”
Increase Automated Pentesting From Ad Hoc to Full Scale
The cybersecurity specialist calls on organizations to move from occasional tests to a proactive and continuous pentesting cadence. Doing so helps safeguard systems against real-world attacks, maximize the return on existing security spend, and give boards clear evidence of improved assurance for compliance and regulatory reporting.
Tamer Odeh stated: “Human judgement still matters. Automation doesn’t completely replace experts. Instead, it removes repetitive manual tasks and ensures autonomous risk assessments can be launched consistently and at scale, showing what attackers could actually exploit.”
Even the 'Demilitarised Zone' Is No Longer Safe
The frequency and depth of penetration testing are crucial to a robust cybersecurity strategy. Organisations must test both external and internal environments, as remote work, IoT devices, and mobile access have dramatically expanded attack surfaces.
The security expert explained: "With remote work, the Internet of Things, and mobile access, more devices are connecting to company networks from external locations, increasing the potential attack surface. Modern security strategies must assume that hackers will breach the outer defenses and gain initial access to a network segment, from which they can then launch internal attacks."
“Even a demilitarised zone (DMZ) should not be trusted by default,” he added. “With credential misuse and configuration drift driving many breaches, a DMZ must be treated as an untrusted segment—reinforced with strict access controls, continuous monitoring, and clear separation from core systems.”
Evidence, not assumptions
Horizon3.ai positions continuous, autonomous pentesting as a way to replace assumptions with evidence. Rather than checking only for the presence of tools or configuration settings, autonomous tests safely exercise attacker techniques to show what is exploitable, not just what is vulnerable, and to verify that remediations hold up under real-world conditions.
Horizon3.ai’s Offensive Security Platform supports this approach by safely running attacker-like techniques in production, revealing viable attack paths, validating fixes, and tracking improvement over time. The company advises organisations to embed this kind of frequent validation into operational routines so that security improvements can be measured consistently.
Tamer Odeh added: “I recommend that every board member, managing director, and IT manager across all industries subject their organization to this critical assessment — because the threat landscape is evolving far faster than traditional defences.”
About the Cybersecurity Survey 2025/26 (methodology)
The Horizon3.ai Cybersecurity Survey 2025/26 captured responses from 150 organisations across multiple sectors via an online questionnaire.
About Horizon3.ai
Horizon3.ai’s NodeZero® platform is trusted by over one-third of the Fortune 10 companies, the world’s largest banks, top global pharmaceutical and semiconductor manufacturers, critical infrastructure operators around the globe, and the US Defense Industrial Base to proactively find, fix, and verify exploitable vulnerabilities to continuously fortify cyber defenses and improve cyber resilience. The fastest-growing cybersecurity company in America (Inc. 5000, Deloitte Fast 500), Horizon3.ai was founded by a mix of US Special Operations veterans and industry experts and is headquartered in San Francisco.
Trademark notice: NodeZero is a trademark of Horizon3.ai
Further information: Press contact: Stephen Gates - press@horizon3.ai, Web: www.horizon3.ai
PR Agency: euromarcom public relations GmbH, Web: www.euromarcom.de, Email: team@euromarcom.com