Penetration testing campaigns generate remediation recommendations based at least in part on information about files stored in network nodes of the tested networked system. Information is obtained about files stored in a plurality of network nodes of the networked system, and based on the obtained information, a corresponding data-value score for each network node of the plurality of network nodes is determined according to a common data-value metric. The penetration testing campaign is executed, following which one or more remediation recommendations are selected based on the data-value scores corresponding to at least some of the plurality of network nodes.