Penetration testing to all new systems is now a norm, like the system that I personally set up when I joined the cabinet was subject to six months of penetration testing by top-notch white hat hackers before we even rolled it out to other departments and so on.