New Study Finds 84% of Security Professionals Experienced an API Security Incident in the Past Year
Only 27% of respondents know which APIs return the sensitive data that attackers seek
The study finds that 84% of respondents experienced an API security incident over the past 12 months. This marks the third straight year of increased incursions and marks an all-time high (up from 78% in 2023). The number is also consistent with recent Akamai research that shows a rise in API attacks.
Although API incursions are up, the percentage of participants who have a full API inventory and know which APIs exchange sensitive data dropped from an already low 40% in 2023 to just 27% in 2024. According to the
The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/ecommerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (91%), yet that industry ranked API security as their lowest priority among the 13 options given. Conversely, retail/ecommerce reported the lowest number of API incidents (68%) and cited API security as a top priority (21.3%) — higher than any other industry surveyed.
Other findings of the survey include:
- The average cost to remediate API incidents was
$591,404 inthe United States In sectors such as financial services, the average rose to$832,801 . - There is general consensus among all roles in all regions that the greatest impacts of API security incidents fall on security staff. Participants ranked the levels of stress and/or pressure on their teams from API security to be slightly higher than those from remediation costs and regulatory fines.
- The top-ranked security priorities for CISOs over the next 12 months are addressing generative AI–fueled threats (25.5%) and securing APIs (24.8%).
- In 2023, 18% of
U.S. andU.K. respondents said they tested APIs in real time. Among the same cohort in 2024, that figure fell to 13%. Many of the causes for API incidents that were cited by survey takers are exactly the types of issues real-time testing can help address. - Top-ranked causes of API incidents include vulnerabilities cited in the OWASP Top 10 API Security Risks and a candid admission that commonly used API tools did not catch the issues.
"Our research shows that API security has yet to become a key element in a comprehensive security strategy," said
The study offers not only insights about survey findings but also recommendations that security teams can use to enhance their API security strategies. This includes undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to differentiate between "normal" and "abnormal" API activity.
The API Security Impact survey was conducted by Opinion Matters between
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow
Contact
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/new-study-finds-84-of-security-professionals-experienced-an-api-security-incident-in-the-past-year-302303810.html
SOURCE
