Findings expose the true scale of API-related data breaches, top API security challenges, and the profound impact on global cybersecurity
Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk.
Despite APIs being critical to the modern enterprise, until now, there has not been an extensive, global study offering a panoramic view of the API security landscape. Traceable believed that it was time to fill this gap and embarked on this research journey with the Ponemon Institute.
Engaging 1,629 cybersecurity experts across the United States, the United Kingdom, and EMEA, this exhaustive study presents a unique perspective into the dark reality of API-related data breaches and their impact on organizations. Download the full report for in-depth insights and recommendations.
The report critically analyzes API-related data breaches, API sprawl, the use of traditional solutions such as Web Application Firewalls, API governance and the emerging role of Zero Trust Security in fortifying API security. These global findings provide profound insight into the challenges and security practices of organizations around the world, assessing their awareness and strategies for addressing API security risks.
Findings from the survey underscore the urgency of API security:
74% Reported at Least Three API-Related Breaches in the Past Two Years: Within the last two years, 60% of organizations faced at least one API-related breach. Disturbingly, 74% of these endured three or more incidents, revealing a relentless threat landscape with 23% undergoing six or more breaches.
DDoS Tops the List with 38% as the Primary API Attack Vector: Alongside fraud and known attacks, DDoS stands out as the primary API breach method. Compounding this, 58% agree that APIs substantially expand organizations’ attack surface.
Only 38% Understand Unique Context of APIs; 57% Doubt Traditional Security: Only 38% can discern intricate context between API activity, user behaviors, and data flow. Plus, a significant 57% of respondents feel traditional security solutions, including Web Application Firewalls, can't effectively distinguish genuine from fraudulent API activity.
61% Foresee Escalating API Risks; 48% Grapple with API Sprawl: With a considerable 61% anticipating rising API-related risks in the next two years, organizations are also wrestling with challenges like API sprawl (48%) and keeping an accurate inventory (39%).
- Organizations Juggle an Average of 127 Third-Party API Connections, Yet Only 33% Feel Secure: While dealing with an average of 127 third-party API connections, a mere 33% express confidence in managing these external threats. This is exacerbated by uncertainties regarding the volume of data their APIs transmit, emphasizing an urgent call for advanced breach detection solutions.
"In an era where digital ecosystems are intrinsically entwined with our operational fabric, this report brings to light the hidden iceberg beneath the API landscape. It's alarming to see that the majority of businesses are navigating these treacherous waters with a significant blind spot, unprepared and underestimating the very real threats associated with APIs. As a security community, we must address this glaring disconnect, prioritizing API security as a cornerstone of our cyber defense strategy. It’s time that API security is elevated from the server room to the boardroom. Only by doing so can we hope to stay ahead of the evolving threat landscape," said Richard Bird, Chief Security Officer of Traceable.
Join the Conversation on the 2023 State of API Security: Global Findings
To help organizations understand the deeper findings, Traceable is hosting an exclusive webinar on Wednesday, Sept. 27 at 12 p.m. E.T./9 a.m. P.T. to interpret the results and to arm security professionals with the information they need to shape their organization’s cybersecurity strategy.
The webinar features Larry Ponemon of the esteemed Ponemon Institute, and Richard Bird, Chief Security Officer of Traceable. Together, they will unpack the intricate findings of the State of API Security report. This is a rare opportunity to gain insights directly from industry leaders, and engage in meaningful dialogue about the impact of API security on global cybersecurity initiatives. Reserve your seat here.
Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, book a demo with a security expert.