41% of businesses had an API security incident last year
In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrated web and mobile-based offerings requires significantly more data sharing across products. As dependency on APIs increases, so do its related security challenges like broken authentication, authorization, and accidental disclosure or breach of data.
With concerns continuing to mount, a 451 Research and Noname Security report covers the key characteristics and security risks present in API usage today and how a holistic approach to API security provides a gateway to a frictionless user experience.
Conducted in January 2022 and featuring results from IT experts representing over 350 global companies in diverse industries with 3,000+ full-time employees, the report captures the main pain points associated with API security today, the effectiveness of other enterprise-grade security solutions, and characteristics of effective API security solutions such as maintaining accurate API inventories and requiring user authentication.
API security challenges
- APIs are heavily leveraged, with an average of 15,564 APIs in use among survey respondent organizations, and a growth rate of 201% over the past 12 months.
- 41% of the organizations represented by survey respondents had an API security incident in the last 12 months; 63% of those noted that the incident involved a data breach or data loss.
- 90% of respondents noted that their organizations have API authentication policies in place, but 31% expressed shaky confidence that those policies ensured adequate levels of authentication.
- 35% of survey respondents said projects were specifically delayed due to API security concerns; 87% of those believe more effective integration of API security testing (AST) into developer pipeline activities could have prevented those delays.
- Only 51% of respondents have full confidence in their API inventories; 26% reported that their inventory update processes are manual.
“With API usage continuing to grow, this extreme level of use and dependency has enabled many vulnerabilities to rise to the surface, making securing these APIs across sectors more paramount than ever,” said Daniel Kennedy, Principal Research Analyst for Information Security for the Voice of the Enterprise (VotE) quantitative research product at 451 Research.