Penetration testing is required for two main reasons:
- Everyone makes mistakes! In Microsoft Windows for instance there are over a 50 million lines of code, there are definitely going to be mistakes, and some can be costly. Hackers actively look for those mistakes.
- Hackers have all the time in the world; they get a buzz from finding vulnerabilities and they can make A LOT of money out of a compromised system. (How much would all of your data worth, if it were lost tomorrow; the cost of your business?)
Governments have now cottoned on to the fact that businesses who don’t take other peoples information seriously need to be held to account, and massive fines are now possible. But more importantly than anything, it is just an unnecessary risk not to have a second opinion about the systems that you assume to be secure.