New Study Finds 84% of Security Professionals Experienced an API Security Incident in the Past Year
Akamai Technologies released its third annual API Security Impact Study, revealing concerning trends in API security. 84% of respondents experienced API security incidents in the past year, up from 78% in 2023. The study, surveying 1,207 security leaders across the US, UK, and Germany, found that only 27% of participants have a full API inventory and know which APIs exchange sensitive data, down from 40% in 2023.
The average cost to remediate API incidents was $591,404 in the US, rising to $832,801 in financial services. Energy/utilities reported the highest incident rate (91%), while retail/ecommerce had the lowest (68%). CISOs ranked addressing generative AI threats (25.5%) and securing APIs (24.8%) as top priorities.
Akamai Technologies ha pubblicato il suo terzo studio annuale sull'impatto della sicurezza delle API, rivelando tendenze preoccupanti nella sicurezza delle API. Il 84% dei rispondenti ha subito incidenti di sicurezza delle API nell'ultimo anno, in aumento rispetto al 78% del 2023. Lo studio, che ha interrogato 1.207 leader della sicurezza negli Stati Uniti, nel Regno Unito e in Germania, ha scoperto che solo il 27% dei partecipanti dispone di un inventario completo delle API e sa quali API scambiano dati sensibili, in calo rispetto al 40% nel 2023.
Il costo medio per sanare gli incidenti delle API è stato di $591.404 negli Stati Uniti, salendo a $832.801 nei servizi finanziari. Il settore dell'energia e dei servizi pubblici ha segnalato il tasso di incidenti più alto (91%), mentre il retail/ecommerce ha avuto il più basso (68%). I CISOs hanno classificato la gestione delle minacce generate dall'IA (25,5%) e la sicurezza delle API (24,8%) come massime priorità.
Akamai Technologies publicó su tercer estudio anual sobre el impacto de la seguridad de las API, revelando tendencias preocupantes en la seguridad de las API. El 84% de los encuestados experimentó incidentes de seguridad de API en el último año, un aumento con respecto al 78% en 2023. El estudio, que encuestó a 1.207 líderes de seguridad en Estados Unidos, Reino Unido y Alemania, encontró que solo el 27% de los participantes tiene un inventario completo de API y sabe cuáles intercambian datos sensibles, bajando del 40% en 2023.
El costo promedio para remediar incidentes de API fue de $591,404 en EE. UU., aumentando a $832,801 en servicios financieros. El sector de energía/utilidades reportó la tasa de incidentes más alta (91%), mientras que retail/ecommerce tuvo la más baja (68%). Los CISOs clasificaron abordar las amenazas de IA generativa (25.5%) y asegurar las API (24.8%) como prioridades principales.
Akamai Technologies는 API 보안에 대한 우려스러운 추세를 밝힌 제3회 연례 API 보안 영향 연구를 발표했습니다. 응답자의 84%가 지난 1년 동안 API 보안 사고를 경험했습니다, 2023년의 78%에서 증가한 수치입니다. 이 연구는 미국, 영국 및 독일의 1,207명의 보안 리더를 조사하였으며, 참가자의 27%만이 전체 API 목록을 보유하고 있으며 어떤 API가 민감한 데이터를 교환하는지 알고 있다고 밝혔습니다. 이는 2023년의 40%에서 감소한 수치입니다.
API 사고를 해결하는 평균 비용은 미국에서 $591,404였으며, 금융 서비스에서 $832,801로 증가했습니다. 에너지/유틸리티 부문은 가장 높은 사고율(91%)을 보고했으며, 소매/ecommerce 부문은 가장 낮은 사고율(68%)을 기록했습니다. CISO들은 생성적 AI 위협 대응(25.5%)과 API 보안(24.8%)을 최우선 과제로 정했습니다.
Akamai Technologies a publié sa troisième étude annuelle sur l'impact de la sécurité des API, révélant des tendances préoccupantes en matière de sécurité des API. 84 % des répondants ont connu des incidents de sécurité des API au cours de l'année écoulée, en hausse par rapport à 78 % en 2023. L'étude, qui a interrogé 1 207 responsables de la sécurité aux États-Unis, au Royaume-Uni et en Allemagne, a montré que seulement 27 % des participants disposent d'un inventaire complet des API et savent quelles API échangent des données sensibles, en baisse par rapport à 40 % en 2023.
Le coût moyen pour remédier aux incidents liés aux API était de $591,404 aux États-Unis, grimpant à $832,801 dans les services financiers. Le secteur de l'énergie/utilités a signalé le taux d'incidents le plus élevé (91 %), tandis que le secteur du commerce de détail/ecommerce a enregistré le plus bas (68 %). Les CISO ont classé la gestion des menaces génératives de l'IA (25,5 %) et la sécurisation des API (24,8 %) parmi les priorités les plus élevées.
Akamai Technologies hat seine dritte jährliche Studie über die Auswirkungen der API-Sicherheit veröffentlicht und besorgniserregende Trends in der API-Sicherheit aufgezeigt. 84 % der Befragten hatten im letzten Jahr API-Sicherheitsvorfälle, ein Anstieg gegenüber 78 % im Jahr 2023. Die Studie, die 1.207 Sicherheitsverantwortliche in den USA, Großbritannien und Deutschland befragte, ergab, dass nur 27 % der Teilnehmer über ein vollständiges API-Inventar verfügen und wissen, welche APIs sensible Daten austauschen, ein Rückgang von 40 % im Jahr 2023.
Die durchschnittlichen Kosten zur Behebung von API-Vorfällen betrugen $591.404 in den USA und stiegen auf $832.801 im Finanzwesen. Der Energiesektor/Versorgungsunternehmen meldete die höchste Vorfallsrate (91 %), während der Einzelhandel/eCommerce die niedrigste (68 %) hatte. CISOs stuften die Bekämpfung von Bedrohungen durch generative KI (25,5 %) und die Sicherung von APIs (24,8 %) als höchste Prioritäten ein.
- Retail/ecommerce sector shows lowest API incident rate at 68%
- API security ranks as second-highest priority for CISOs (24.8%)
- 84% of respondents experienced API security incidents, up from 78% in 2023
- Only 27% of participants have full API inventory visibility, down from 40% in 2023
- High remediation costs: $591,404 average in US, $832,801 in financial services
- Real-time API testing decreased from 18% to 13% in US and UK
- 91% incident rate in energy/utilities sector despite low priority ranking
Insights
The rising trend in API security breaches presents significant market implications for Akamai. The
The decline in real-time API testing from
The industry-specific findings reveal important market dynamics. The energy/utilities sector's paradox of highest incident rate (
Only
The study finds that
Although API incursions are up, the percentage of participants who have a full API inventory and know which APIs exchange sensitive data dropped from an already low
The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/ecommerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (
Other findings of the survey include:
- The average cost to remediate API incidents was
in$591,404 the United States In sectors such as financial services, the average rose to .$832,801 - There is general consensus among all roles in all regions that the greatest impacts of API security incidents fall on security staff. Participants ranked the levels of stress and/or pressure on their teams from API security to be slightly higher than those from remediation costs and regulatory fines.
- The top-ranked security priorities for CISOs over the next 12 months are addressing generative AI–fueled threats (
25.5% ) and securing APIs (24.8% ). - In 2023,
18% ofU.S. andU.K. respondents said they tested APIs in real time. Among the same cohort in 2024, that figure fell to13% . Many of the causes for API incidents that were cited by survey takers are exactly the types of issues real-time testing can help address. - Top-ranked causes of API incidents include vulnerabilities cited in the OWASP Top 10 API Security Risks and a candid admission that commonly used API tools did not catch the issues.
"Our research shows that API security has yet to become a key element in a comprehensive security strategy," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. "Organizations mostly treat API threats as emerging, when the attack data — as well as the financial impact and stress on security teams — shows they keep growing. We believe that the API Security Impact Study will help companies to better assess API protections and improve them where needed."
The study offers not only insights about survey findings but also recommendations that security teams can use to enhance their API security strategies. This includes undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to differentiate between "normal" and "abnormal" API activity.
The API Security Impact survey was conducted by Opinion Matters between June 12, 2023, and July 7, 2024.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/new-study-finds-84-of-security-professionals-experienced-an-api-security-incident-in-the-past-year-302303810.html
SOURCE Akamai Technologies, Inc.
FAQ
What percentage of companies experienced API security incidents in 2024 according to Akamai (AKAM)?
How much does it cost to remediate API security incidents according to Akamai's (AKAM) 2024 study?
What percentage of companies have full API inventory visibility in 2024 according to Akamai (AKAM)?