The number of API security incidents is rising. As a result API security is more of a priority now than it was 12 months ago. 84% of UK businesses said that API security is more of a priority now than it was 12 months ago, compared to 78% in the US. However, 85% of UK businesses have suffered an API security incident in the last 12 months. That is a 10.6% year-on-year increase and higher than the average of 78%.
That is according to Noname Security’s annual API security report which surveyed both UK and US respondents. In 2022, 61% said they were confident in their DAST and SAST tools for API testing. But despite more security incidents taking place in the interim, in 2023 94% said they are confident that their current application testing tools are capable of testing APIs for vulnerabilities.
51% of UK respondents cited fees incurred to help fix the issues as the biggest impact of an API security incident. 50% cited loss of customer goodwill and churned accounts. 49% said the loss of productivity was the biggest impact. 52% of UK respondents now view API security as a necessary requirement for their business. 47% say it is a business enabler. 54% of UK respondents say their developers are spending between 26% and 50% of their time on refactoring and remediation.
Common attack vectors
The survey examined the most common attack vectors experienced by UK respondents, and they cited network firewalls (24%), web application firewalls (23%), and API gateways (17%). This is a change from last year, when dormant or zombie APIs and authorisation vulnerabilities were at the top of the list (both 19%).
Shay Levi, Noname Security CTO and co-founder, said: “The continuing increase in reported API security incidents over the last two years demonstrates that this is not a fleeting trend but a pressing reality that organisations must deal with and prioritise. APIs are indispensable in today’s modern environment. But everyone is worried about ransomware, phishing attacks, and data breaches. This research validates why security leaders must continue to prioritise API security.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData