May 3, 2022

Why Aren't More Institutions Conducting Penetration Testing?

Financial institutions are required to implement Information Security and Cybersecurity Programs that include controls and safeguards to mitigate threats such as network intrusion and compromise, unauthorized access to systems and data, and data breach. 

Once cyber risk controls have been implemented, many institutions make the mistake of not assessing and testing whether the controls are effectively protecting the network.  Very often, lack of testing leads to IT audit and regulatory exam findings and recommendations.

One of the ways that controls can be assessed for adequacy is through network penetration testing.  Penetration testing is designed to assess how effective and appropriate security controls are in preventing and detecting attacks to your network systems.  The results and information gathered following a penetration test is crucial to strengthening your security controls and identifying how your institution would be able to handle a malicious intrusion event.   

Let us help you enhance the security of your network. BTG engages with financial institutions nationwide to provide Penetration Testing services. Contact Elisabeth Esposito, Vice President at BTG for more information: or 800.355.4550.