60% reported a data breach in the past two years. Of these, 74% had at least 3 API-related breaches. Alarmingly, 40% had five or more, and 11% faced over seven, stressing the dire need for enhanced API security.
Our survey underscores that DDoS attacks stand out as the predominant API attack method resulting in a breach, with 38% of respondents confirming this.
Intriguingly, fraud and known attacks are neck and neck for the second spot, each cited by 29% of participants as a major cause of data breaches.
A significant 58% of respondents either strongly agree or agree with the assertion that APIs expand the attack surface across all layers of the technology stack. This highlights a widespread recognition of the risk introduced by APIs, despite their indispensable role in the digital landscape.
Securing APIs presents a dynamic set of challenges for organizations. Topping the list, as reported by 48% of respondents, is preventing API sprawl, reflecting the rapid proliferation of APIs in the modern enterprise. The second most pressing challenge, identified by 39%, is maintaining an accurate inventory of APIs, followed by managing third-party access to APIs, at 30%.
34% of organizations feel uncertain about the efficacy of tools such as WAF and WAAP, rating them as moderately effective (scores of 5 or 6). Meanwhile, 23% rate theirs as less effective (scores of 1 to 4). Although 43% find their solutions more satisfactory (scores of 7 to 10), these ratings underscore that over half aren’t fully confident in their API security measures.
We’re honored to have Larry Ponemon, the founder of the Ponemon Institute, and Richard Bird, the Chief Security Officer of Traceable, as our distinguished speakers. Together, they will unpack the report’s findings and offer their expert analysis and recommendations.
An average of 127 third parties are connected to organizations’ APIs and only 33 percent of respondents say they are effective in reducing the risks caused by these third parties’ access to their APIs. Only 35 percent of respondents say they are effective in identifying and reducing risks posed by APIs outside their organizations and 40 percent say they are effective in identifying and reducing risks within their organizations.
One reason is that most organizations do not know how much data is being transmitted through the APIs and need a solution that can detect and stop data exfiltration events happening through APIs.
The anticipation of API risk in the near future showcases a notably cautious outlook among organizations. A significant majority, totaling 61%, expect the risk associated with APIs to either increase or significantly increase over the next 12 to 24 months.
This suggests a prevailing sentiment that as the digital landscape continues to evolve, so too do the challenges and threats associated with it. Only 15% of respondents believe the risk will decrease, hinting at the urgent need for better API management and security solutions in the rapidly changing tech environment.
Financial consequences and loss of intellectual property (IP) rank equally as the most severe, each experienced by 52% of the affected organizations.
Not far behind, brand value erosion was reported by 50% of respondents, underlining the substantial reputational risks involved. Operational disruptions were faced by 37%, indicating how breaches can fundamentally affect a company's core functionality.