Zendikt

Nettitude review and pricing

UK + US-based pen testing with CREST, CHECK, and STAR-FS certifications under Lloyd's Register.

By Lloyd's Register Nettitude · Founded 2003 · Leamington Spa, UK · private

Nettitude is the UK-headquartered pen-testing and PTaaS firm acquired in 2018 by Lloyd's Register (the marine and industrial classification society). It has delivery teams in the UK and US and a customer base concentrated in UK financial services, EU regulated industries, and US enterprises with UK operations.

Strengths: an unusually deep portfolio of UK and EU regulator-recognized certifications (CREST member firm, CHECK Green Light status for UK government work, STAR-FS for Bank of England intelligence-led pen testing, PCI Qualified Security Assessor); Lloyd's Register backing, which provides unusual long-term ownership stability in a category dominated by VC-backed and PE-owned vendors; and a strong pedigree in TIBER-EU and TIBER-style threat-led pen testing for financial regulators.

Best fit: UK and EU financial services, EU regulated industries, and US enterprises with UK operations needing CREST / CHECK / STAR-FS-certified testing or TIBER-EU intelligence-led red teaming.

Trade-offs: a researcher-led delivery model rather than a crowdsourced one (smaller delivery surface than HackerOne / Bugcrowd); a product/platform layer that is less mature than Cobalt / HackerOne PTaaS (services-led, not product-led); opaque pricing; thinner brand recognition outside UK / EU regulated industries; and limited US logo coverage.

Best for

UK and EU financial services (particularly Bank of England-regulated firms requiring STAR-FS), EU regulated industries needing TIBER-EU threat-led red teaming, and US enterprises with UK operations needing CREST / CHECK-certified testing under Lloyd's Register backing.

Worst for

US Fortune 500 wanting the largest researcher pool (HackerOne / Bugcrowd better), US federal buyers (Synack better federal pedigree), mid-market SaaS companies (Cobalt better fit), or buyers prioritizing product-led platform workflow over services-led delivery.

Vendor Trust Score

Is Nettitude a trustworthy vendor?

7.7/10 (Mixed)

  • Pricing transparency (published rates; no hidden fees): 5.0
  • Contract fairness (reasonable terms; no auto-renew traps): 8.0
  • Incident response (how they handle outages and breaches): 8.5
  • Post-acquisition behavior (customer treatment after M&A or PE): 8.5
  • Executive stability (leadership churn over 24 months): 8.5
  • Roadmap honesty (public commitments held): 7.5

Trust signal log
  • 2018-04-22
    Acquired by Lloyd's Register; long-term ownership stability secured under the marine and industrial classification society
  • 2022-09-22
    STAR-FS accreditation maintained; Bank of England intelligence-led pen testing capability strengthened
  • 2024-04-22
    TIBER-EU delivery capability expanded across EU member states
  • 2025-09-22
    CREST member firm and CHECK Green Light status maintained; UK government testing pedigree continued
Vendor Trust is scored independently of product quality. A great product from an unfair vendor still earns a low trust score.
Review Intelligence

What 60 reviews actually say

Synthesized from G2, Capterra, Reddit, Trustpilot. Patterns >15% prevalence shown.

Last synthesized: 2026-04-30

Praise patterns

  • CREST, CHECK, STAR-FS credentials strong
    87%
  • Lloyd's Register backing provides ownership stability
    71%
  • TIBER-EU red team pedigree strong
    64%
  • UK and US delivery flexibility valued
    51%

Complaint patterns

  • Services-led; smaller surface than crowdsourced platforms
    41%
  • Product / platform layer less mature than Cobalt / HackerOne
    38%
  • US logo coverage limited
    31%
Sentiment trend (6 months): 84/100, +2 pts
Patterns are extracted from review corpus and human-verified. We surface trends, not anecdotes.
Verified Pricing

What buyers actually pay

48 anonymized deal disclosures · last updated 2026-05-01

Company size                 Median annual
Single engagement            $42,000
TIBER / STAR-FS program      $240,000
MSSP + PTaaS bundle          $360,000
Verified pricing is crowdsourced from buyers under anonymity guarantees. Vendor-listed prices are validated against actual deals quarterly.
Compliance & Security

Auto-verified certifications

Verified 2026-05-01
SOC 2 Type II
ISO 27001
HIPAA
GDPR
CCPA
PCI DSS
FedRAMP

Editorial: Strengths

  • CREST member firm; CHECK Green Light; STAR-FS for Bank of England
  • Lloyd's Register backing provides long-term ownership stability
  • Strong TIBER-EU and TIBER-style threat-led red team pedigree
  • UK and US delivery teams
  • Mature PCI Qualified Security Assessor capability
  • Built for UK financial services and EU regulated industries
  • Long delivery history since 2003

Editorial: Weaknesses

  • Services-led delivery; smaller surface than crowdsourced platforms
  • Product / platform layer less mature than Cobalt / HackerOne PTaaS
  • Pricing opaque
  • Brand recognition outside UK / EU regulated industries thinner
  • US Fortune 500 logo coverage limited

Key features & integrations

  • Web app, API, mobile, network, internal pen testing
  • TIBER-EU and STAR-FS threat-led red teaming
  • CREST, CHECK, PCI QSA credentials
  • Lloyd's Register backing
  • Compliance-mapped reporting (PCI, SOC 2, ISO 27001)
  • Mature retest workflow
  • Threat intelligence capability

15+ integrations: Jira, ServiceNow, Splunk, Microsoft Sentinel

Geography supported: UK primary; US delivery; EU regulated industries

Best fit: 500 to 50,000 employees · UK and EU financial services, regulated industries, US enterprises with UK operations

Editorial deep-dive

Read our full ranking of Penetration Testing as a Service (PTaaS)

Nettitude ranks #9 in our editorial review of 10 Penetration Testing as a Service (PTaaS) platforms. The deep-dive covers methodology, comparison tables, decision matrix, migration scoring, and FAQs.
