Research Outline

SME Penetration Testing


To inform the pricing of a new cyber security pen testing service for small and medium-sized businesses by obtaining an overview of the costs of such penetration services (e.g., price range, typical services included, package offerings) as well as key players in this space.

Early Findings

Pricing of Penetration Testing for Small and Medium Enterprises

  • While there is significant, publicly available discourse on the subject of penetration testing for small and medium enterprises, the preponderance of discussion (e.g., Infotech News, Security Boulevard, Help Net Security, Avast) does not appear to provide quantitative estimates for the pricing of such services.
  • For example, Horangi notes that penetration testing for small businesses can be "costly," while linking to a separate article that states that businesses of all sizes can "expect to pay $7,000 for a baseline pen test of an acceptable quality."
  • Similarly, while discussing the benefits of pen testing for small businesses, Monitis states that many firms are "reluctant to post their fees for penetration testing," adding that prices for these tests in general can range from "4 to 6 digits."
  • While separate searches confirm that some cyber security companies do not readily disclose their cost information (e.g., Silent Breach), other firms such as Highbit security publish a detailed listing of pen test prices by component.
  • We therefore recommend expanding the search for pen test pricing information to other instances of publicly disclosed cost sheets, irrespective of whether these prices are specific to small, medium or large clients.

Competitors that Target Small and Medium Enterprises for Pen Testing

  • Although there appears to be no pre-compiled listing of the companies that provide penetration testing services specifically for small and medium enterprises (SMEs), the research team identified a number of cyber security firms that specifically target smaller and medium businesses when advertising their pen testing services:
  • As desired, the research team can provide competitive details for each of these firms, including their annual revenue, headcount, products/services specific to pen testing and pricing for pen testing.