API Security

84% Security Professionals Report API Incidents in Past Year: New Study

Only 27% of respondents know which APIs return the sensitive data that attackers seek

Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced new research showing that while API attacks are rising, visibility into API risks that open doors for attackers is declining. Now in its third year, the API Security Impact Study (formerly the API Security Disconnect) explores the state of API protection based on a survey of 1,207 security leaders and practitioners across the United States, United Kingdom, and Germany.

The study finds that 84% of respondents experienced an API security incident over the past 12 months. This marks the third straight year of increased incursions and marks an all-time high (up from 78% in 2023). The number is also consistent with recent Akamai research that shows a rise in API attacks.

Although API incursions are up, the percentage of participants who have a full API inventory and know which APIs exchange sensitive data dropped from an already low 40% in 2023 to just 27% in 2024. According to the May 2024 Gartner® Market Guide for API Protection: “Current data indicates that the average API breach leads to at least 10 times more leaked data than the average security breach.” This suggests API security will be a major issue for the foreseeable future.

The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/ecommerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (91%), yet that industry ranked API security as their lowest priority among the 13 options given. Conversely, retail/ecommerce reported the lowest number of API incidents (68%) and cited API security as a top priority (21.3%) — higher than any other industry surveyed.

Other findings of the survey include:

  • The average cost to remediate API incidents was $591,404 in the United States In sectors such as financial services, the average rose to $832,801.
  • There is general consensus among all roles in all regions that the greatest impacts of API security incidents fall on security staff. Participants ranked the levels of stress and/or pressure on their teams from API security to be slightly higher than those from remediation costs and regulatory fines.
  • The top-ranked security priorities for CISOs over the next 12 months are addressing generative AI–fueled threats (25.5%) and securing APIs (24.8%).
  • In 2023, 18% of U.S. and U.K. respondents said they tested APIs in real time. Among the same cohort in 2024, that figure fell to 13%. Many of the causes for API incidents that were cited by survey takers are exactly the types of issues real-time testing can help address.
  • Top-ranked causes of API incidents include vulnerabilities cited in the OWASP Top 10 API Security Risks and a candid admission that commonly used API tools did not catch the issues.

“Our research shows that API security has yet to become a key element in a comprehensive security strategy,” said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. “Organizations mostly treat API threats as emerging, when the attack data — as well as the financial impact and stress on security teams — shows they keep growing. We believe that the API Security Impact Study will help companies to better assess API protections and improve them where needed.”

The study offers not only insights about survey findings but also recommendations that security teams can use to enhance their API security strategies. This includes undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to differentiate between “normal” and “abnormal” API activity.

The API Security Impact survey was conducted by Opinion Matters between June 12, 2023, and July 7, 2024.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

Related posts

Wallarm announces Policy Integration with MuleSoft AnyPoint Platform

Business Wire

Akamai Technologies To Acquire API Security Company Neosec

PR Newswire

Lou DiFruscio Joins Invicti Security as Chief Revenue Officer

PR Newswire