Every business is unique, so we made cybersecurity simple for everyone.
Tell Us Your Needsfor more please visit our Contact Page
For any of the test types above, the factor affecting price the most is whether you choose an internal or external penetration test.
Internal attack surfaces are nearly always larger, and contracting for an internal penetration test as well as an external will significantly increase your organization’s cost.
For some firms, there is business value in being able to show a penetration test from a large, reputable vendor. Whether for increased trust or prestige, it is possible for these firms to justify a higher penetration test cost.
JacarTech may not carry the same recognition but may be able to perform a high-quality penetration test with an actionable report for a fraction of the cost.
Many cybersecurity vendors offer penetration testing, but JacarTech specialize in it. We even do only penetration testing.
Rather than obsessing over cost, it’s crucial to match JacarTech to your goals. Are you looking to tighten the screws all the way on your security program? JacarTech is the right choice. Are you ticking a requirement for compliance purposes? JacarTech is the right choice.
We deliver a short report, with clear and actionable steps for remediation, that comes with a follow-up meeting where the testers can advise your IT department
We deliver a sanitized report so you can know in advance what you’ll be getting at the end of the test.
While there are cases where penetration testing may be a one-time cost, this is not a typical cost pattern for most organizations.
In many cases, an organization should expect to have follow-up costs for remediation testing, validation testing, or just recurring testing.
Before touching on recurring testing frequencies that should be planned for, one cost that can be accounted for upfront during the initial contract is related to remediation or validation testing. If your organization is interested in having these add-on services, regardless of test type, it is worthwhile to negotiate those upfront as this may help with getting a better rate or overall price.
As for recurring testing, it really depends on the test type and the maturity of the organization. Application penetration testing can be done yearly, or more frequently if an application is under rapid development with large changes. Network penetration testing is typically anywhere from quarterly to yearly and for PCI-compliant organizations, this is required to be bi-annual. Finally, red-team activity can be anywhere from quarterly to yearly or less frequent. The reality is that in most cases, your organization will set the frequency for follow-up testing based on risk tolerance and changes in the environment.
Penetration testing services are harder to compare to other security controls or capabilities, because the product is intangible, outside of the final report. A pentest is a point-in-time assessment, where a consultancy will disappear for weeks at a time to conduct testing and come back with a report.
Many organizations will ask, “what am I getting compared to our endpoint detection and response provider or a firewall solution provider?” The reality is that the organization will get an understanding of where weaknesses occur, how those controls or tools might be implemented, how those weaknesses can be exploited, and what the potential impact may be. This makes it really hard to compare the cost to a more tangible hardware/software-based partner solution. Keeping this in mind, there are relationships between those services and penetration testing. The larger and more complex a company, the higher the cost will be for security in general.
The most relatable services to compare costs to would-be vulnerability assessments, risk assessments, and gap assessments, as these services all provide some output after a dark period of work to the organization.
Vulnerability assessments for example will typically cost anywhere from 10% to 50% of the cost of a penetration test.
The cost of a gap assessment to an organization could be 75% to 125% of the cost of a typical penetration test.