New Study Finds 84% of Security Professionals Experienced an API Security Incident in the Past Year
Monday, November 18, 2024
Only 27% of respondents know which APIs return the sensitive data that attackers seek
CAMBRIDGE, Mass., Nov. 13, 2024 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced new research showing that while API attacks are rising, visibility into API risks that open doors for attackers is declining. Now in its third year, the API Security Impact Study (formerly the API Security Disconnect) explores the state of API protection based on a survey of 1,207 security leaders and practitioners across the United States, United Kingdom, and Germany.
The study finds that 84% of respondents experienced an API security incident over the past 12 months. This marks the third straight year of increased incursions and marks an all-time high (up from 78% in 2023). The number is also consistent with recent Akamai research that shows a rise in API attacks.
Although API incursions are up, the percentage of participants who have a full API inventory and know which APIs exchange sensitive data dropped from an already low 40% in 2023 to just 27% in 2024. According to the May 2024 GartnerĀ® Market Guide for API Protection: "Current data indicates that the average API breach leads to at least 10 times more leaked data than the average security breach." This suggests API security will be a major issue for the foreseeable future.
The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/ecommerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (91%), yet that industry ranked API security as their lowest priority among the 13 options given. Conversely, retail/ecommerce reported the lowest number of API incidents (68%) and cited API security as a top priority (21.3%) -- higher than any other industry surveyed.
Other findings of the survey include:
-- The average cost to remediate API incidents was $591,404 in the United
States In sectors such as financial services, the average rose to
$832,801.
-- There is general consensus among all roles in all regions that the
greatest impacts of API security incidents fall on security staff.
Participants ranked the levels of stress and/or pressure on their teams
from API security to be slightly higher than those from remediation
costs and regulatory fines.
-- The top-ranked security priorities for CISOs over the next 12 months are
addressing generative AI-fueled threats (25.5%) and securing APIs
(24.8%).
-- In 2023, 18% of U.S. and U.K. respondents said they tested APIs in real
time. Among the same cohort in 2024, that figure fell to 13%. Many of
the causes for API incidents that were cited by survey takers are
exactly the types of issues real-time testing can help address.
-- Top-ranked causes of API incidents include vulnerabilities cited in the
OWASP Top 10 API Security Risks and a candid admission that commonly
used API tools did not catch the issues.
"Our research shows that API security has yet to become a key element in a comprehensive security strategy," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. "Organizations mostly treat API threats as emerging, when the attack data -- as well as the financial impact and stress on security teams -- shows they keep growing. We believe that the API Security Impact Study will help companies to better assess API protections and improve them where needed."
The study offers not only insights about survey findings but also recommendations that security teams can use to enhance their API security strategies. This includes undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to differentiate between "normal" and "abnormal" API activity.
The API Security Impact survey was conducted by Opinion Matters between June 12, 2023, and July 7, 2024.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/new-study-finds-84-of-security-professionals-experienced-an-api-security-incident-in-the-past-year-302303810.html
SOURCE Akamai Technologies, Inc.
|
|
|
|
|
 |
Indusface redefines WAAP user experience with industry-first innovations in AppTrana | Mar 28, 2025
|
|
EXECUTIVE PRODUCER BRADLEY COOPER'S FILM CAREGIVING TO PREMIERE ON PBS FOR NATIONWIDE BROADCAST JUNE 24 STREAMING BEGINS MAY 27 | Mar 28, 2025
|
|
Trend Micro Launches Voice-Enabled ScamCheck Capability to Help Protect Consumers from the Rising Threat of Global Scams | Mar 28, 2025
|
|
Splitit Unveils First Fully Embedded White-Label Installment Solution for Shopify Merchants | Mar 28, 2025
|
|
/C O R R E C T I O N -- Bell Canada (MTL)/ | Mar 28, 2025
|
|
Keeper Security Unveils Latest WearOS App for Seamless Password Management | Mar 28, 2025
|
|
Hornetsecurity named Top Player in Radicati's Secure Email - Market Quadrant 2025 | Mar 28, 2025
|
|
Ontinue Research Reveals Ransomware Attacks Surged 132% Despite 35% Drop in Payments | Mar 28, 2025
|
|
Identity Theft After a Data Breach? Legal Action May Recover Your Losses | Console & Associates | Mar 28, 2025
|
|
BFSI Security Summit 2025 to Address Rising Cybersecurity Threats in Africa's Financial Sector | Mar 28, 2025
|
|
|
