New study shows 84% of security professionals have experienced an API security incident in the past year

Only 27% of the respondents Know which APIs return the sensitive data attackers are looking for

CAMBRIDGE, Mass., November 13, 2024 /PRNewswire/ — Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that enables and protects life on the Internet, today announced new research showing that while API attacks are increasing, the visibility of API risks that open doors to attackers is decreasing . Now in its third year API security impact study (formerly API Security Disconnect) examines the state of API protection based on a survey of 1,207 security leaders and practitioners from around the world the United States, United KingdomAnd Germany.

The study finds that 84% of respondents have experienced an API security incident in the last 12 months. This is the third consecutive year of increased declines and an all-time high (up from 78% in 2023). The number also agrees with current Akamai research This shows an increase in API attacks.

Although API breaches are increasing, the percentage of participants who have a complete API inventory and know which APIs exchange sensitive data has dropped from an already low 40% in 2023 to just 27% in 2024 May 2024 Gartner® Market Guide for API Protection: “Current data shows that the average API breach results in at least ten times more data leaks than the average security breach.” This suggests that API security will be a major concern for the foreseeable future .

The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/e-commerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (91%), yet this industry ranked API security as its lowest priority among the 13 options listed. Conversely, retail/ecommerce reported the lowest number of API incidents (68%) and cited API security as a top priority (21.3%) – higher than any other industry surveyed.

Other results of the survey include:

The average cost of resolving API incidents was $591,404 In the United States In industries such as financial services, the average rose $832,801.
There is general consensus across all roles in all regions that the greatest impact of API security incidents falls on security personnel. Participants rated the level of burden and/or pressure placed on their teams by API security as slightly higher than the level of remediation costs and regulatory fines.
The top security priorities for CISOs over the next 12 months are dealing with generative AI-powered threats (25.5%) and securing APIs (24.8%).
In 2023, 18% of respondents in the US and UK said they tested APIs in real time. In the same cohort, this figure fell to 13% in 2024. Many of the causes of API incidents cited by survey respondents are exactly the types of problems that real-time testing can solve.
The most common causes of API incidents include vulnerabilities identified in the OWASP Top 10 API Security Risks and the open admission that commonly used API tools failed to detect the issues.

“Our research shows that API security has not yet become a key element of a comprehensive security strategy,” he said Rupesh ChokshiSenior Vice President and General Manager, Application Security, Akamai. “Organizations tend to view API threats as emerging when attack data – as well as the financial impact and burden on security teams – shows that they continue to grow. We believe the API Security Impact Study will help companies better assess and improve API protection where needed.”

The study not only provides insights into survey results, but also recommendations that security teams can use to improve their API security strategies. This includes conducting a complete inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to distinguish between “normal” and “abnormal” API activity.

The API Security Impact survey was conducted by Opinion Matters between June 12, 2023And July 7, 2024.

About Akamai
Akamai is the cybersecurity and cloud computing company that empowers and protects online businesses. Our market-leading security solutions, world-class threat intelligence, and global operations team provide comprehensive defenses to protect enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scalability and expertise they need to grow their businesses safely. Find out more at akamai.com And akamai.com/blogor follow Akamai Technologies on X And LinkedIn.

contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
[email protected]

SOURCE Akamai Technologies, Inc.