A recent analysis by CyCognito delved into the vulnerabilities of public cloud and web applications. The study found that a staggering 74% of assets containing personally identifiable information (PII) were susceptible to at least one major known exploit. Furthermore, 10% of these assets showcased an issue that was simple to exploit.

A vast 70% of web applications demonstrated critical security oversights, including missing WAF protection or the absence of encrypted connections such as HTTPS. Moreover, one-quarter of all these web applications lacked both of these critical security measures.

On average, a global enterprise operates over 12,000 web applications. This extensive list encompasses APIs, SaaS applications, servers, databases, and more. Alarmingly, about 30% of these web applications, which equates to more than 3,000 assets, bear either an easily exploitable or a high-risk vulnerability. It’s noteworthy to mention that half of these potential security pitfalls are located in cloud-hosted web applications.

Furthermore, a whopping 98% of web applications may not meet GDPR compliance standards due to the absence of a mechanism for users to decline cookies.

To dive deeper into these findings, one can refer to the complete report.