- Only 8% of organizations use AI-based protection solutions
- Just 6% of respondents have full documentation for all their APIs
- Half of respondents don’t know what third-party code is being used by their apps
- Only 29% of security staff are fully trained to handle API business logic attacks
Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its new report, 2025 Cyber Survey: Application Security at a Breaking Point. The survey reveals threat areas of rapidly growing concern as organizations’ cyber defenses lag well behind. This includes a major lack of protection against AI threats, as well as API and business logic attacks, among others.
“The weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected,” said Shira Sagiv, Radware’s vice president of product portfolio. “Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb creating even more risk and exposure.”
KEY FINDINGS
The scramble is on to catch up with AI
According to the report, the use of AI to improve and intensify hacking tradecraft is of greatest concern. Organizations have significant concerns about threat actors using AI to generate new attacks at a faster cadence, bypassing existing defenses and compromising areas that were previously too difficult to attack.
- Top concerns: The following percentage of respondents are highly or extremely concerned about hackers using AI:
- To create/improve hacking tools – 70%.
- To generate a larger volume of cyberattacks – 67%.
- To launch new zero-day attack vectors – 66%.
- Large readiness gap: Despite the concerns about hackers embracing AI, only 8% of organizations are currently using AI-based solutions for defenses.
- AI adoption: Four out of five organizations plan to implement AI-based cybersecurity solutions within the next 12 months.
Security fails to keep up with sprawling API ecosystems
APIs are in a constant state of fluctuation. Organizations are increasing their use of APIs even while they remain ill-protected.
- Surge in API usage and updates: In 2025, API usage is up 42% compared to the highest rate of usage in 2023, with multiple daily updates to APIs surging 6X during the same time frame.
- Widespread third-party usage: On average, organizations are using 19 third-party APIs per application, which introduces new types of threats around data compromise that cannot be mitigated at a coding level.
- Poor business logic attack mitigation: Business logic attacks, a common form of API attacks, represent a threat area of rapidly growing concern. While 81% of respondents say it is very or extremely important to have real-time protection measures in place:
- Just half have deployed runtime business logic protections.
- Only 29% have security staff fully trained to detect and mitigate these attacks.
- Lack of preparedness:
- On average, only 6% of respondents have full documentation for all their APIs.
- Half of respondents don’t know what third-party code is being used by their web applications, which data is being leaked to third-party services, and when malicious scripts and services are introduced.
Risks to resilience continue to rise
Survey respondents expressed a lack of confidence in the effectiveness of their defensive posture against growing threats.
- Third-party breaches: Only 16% of respondents are confident in their current protection against data breach attempts of third-party services code running on their web applications.
- Costly DDoS disruptions: Downtime caused by an application DDoS attack averages $6,100 per minute or $366,000 per hour.
- High compliance pressures: An average of 54% of respondents express high or extreme concern about a range of regulations, including NIS2, HIPAA, SEC, PCI DSS 4, GDPR, DORA, and SOX.
Methodology
The survey, which was conducted with Osterman Research, includes responses from compliance, chief risk, and data privacy officers; vice presidents of research and development; senior network security administrators; senior DevOps and DevSecOps administrators; cloud security; API architects; among other titles. The survey was conducted in nine countries across North America, EMEA, APAC, and LATAM.
Radware’s complete 2025 Cyber Survey: Application Security at a Breaking Point can be downloaded here.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!