External Pressures That Drive Companies to Hire Security Assessors and Penetration Testers

D.

The external pressure that causes companies to hire security assessors and penetration testers is D) regulatory insistence on independent reviews.

Regulations, such as HIPAA, PCI DSS, and Sarbanes-Oxley, require organizations to have independent reviews of their security controls to ensure compliance with the respective regulations. These regulations often require that the reviews be performed by qualified and independent third-party assessors.

Regulatory compliance is a critical concern for companies, as failure to comply with these regulations can result in legal and financial penalties, as well as damage to their reputation. Therefore, companies hire security assessors and penetration testers to conduct independent reviews of their security controls, identify vulnerabilities and recommend remediation actions to maintain compliance.

In-house testing skills (A) could be a factor in some cases, but it is not a major external pressure driving companies to hire external security assessors and penetration testers.

Geographically based assessments (B) may be required in some cases, but it is not a significant factor driving the need for external security assessments and penetration testing.

Cost reduction measures (C) are important considerations for companies, but they are not a major factor driving the need for external security assessments and penetration testing. In fact, the cost of hiring external assessors and testers may be higher than building in-house capabilities, but regulatory requirements often make it necessary to do so.