Report: 76% of organizations have had an API security incident in the past year

APIs are the lifeblood of digital transformation and lie at the heart of corporate strategies for growth and innovation. Nearly all businesses rely on APIs to connect services, transfer data and control key systems. In fact, APIs now drive mission-critical processes across organizations.

The exploding adoption of APIs has also greatly expanded organizations’ attack surfaces, increasing the need for enterprises to focus on API security. But as organizations transition into a multitude of cloud, hybrid and on-premises digital environments, this complexity makes it difficult for security teams to find and fix problems quickly.

In July 2022, Noname Security commissioned a survey from the independent research organization, Opinion Matters, to better understand the state of the API security environment and to examine the challenges facing organizations.

High-level findings

Noname’s research uncovered a level of complacency and potential denial around the risks that APIs present. While 76% of respondents surveyed said that they had experienced an API security incident, there were also high levels of confidence in their existing solutions, with 67% saying they were happy with the protection provided and the API security provided by either CSPs or specialist security providers. A majority, 71%, stated that they were confident and satisfied that they were receiving sufficient API protection.

There is clearly a disconnect between what is happening in the real world and organizational attitudes towards API security. The level of misplaced confidence around API security is disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by security, appsec and development teams around the realities of API security.

Overall, the research exposed a disconnect between the high level of incidents, the low levels of visibility, effective monitoring and testing of the API environment, and a level of over-confidence that their tools and providers were preventing attacks.

Methodology

600 senior cybersecurity professionals in the USA and U.K. were surveyed from across a variety of enterprise organizations in six key vertical market sectors: financial services, retail and ecommerce, healthcare, government and public sector, manufacturing, and energy and utilities.

Read the full report from Noname Security.