What is the difference between penetration testing and a cyber security review?

When organisations want to test their cyber security readiness, it can be confusing to know what they need to do. Many testing services highlight vulnerabilities and flaws within their system but do so in different ways. Ultimately, it’s important to utilise a variety of testing techniques to ensure that every aspect of a system is protected.

Initially, we would always recommend a cyber security review followed by internal, external, and, if applicable, web application penetration testing. When we describe these services to organisations, though, they often question the difference between the two.