API Security Becomes a Prime Focus for Security Leaders
API Security Becomes a Prime Focus for Security Leaders

Image: Philipp Katzenberger (unsplash)

A recent report by Noname Security emphasizes the escalating importance of API security. The research highlights that in just one year, the priority attached to API security has notably increased. While 67% were confident in their application testing tools’ ability to detect vulnerabilities in APIs in the previous year, that confidence level surged to an impressive 94% in 2023.

The data unveiled a concerning trend: 78% of participants experienced an API security issue within the past year, marking a growth when compared to the 2022 report. The most common threats came from web application firewalls (26%), followed by network firewalls (20%) and API gateways (18%).

There’s been a noticeable improvement in API inventory visibility. Approximately 72% of professionals in the field possess a comprehensive API inventory. Interestingly, of this group, 40% can identify which of their APIs return sensitive data. The number of professionals with complete inventories has seen a year-on-year rise from the 67% recorded in 2022.

The report also offers a geographical perspective. While 69% of U.S. participants acknowledged facing an API security breach in the past year (a decline from 77% in 2022), a whopping 85% of U.K. respondents confirmed encountering a similar incident, reflecting a 10% increase from the preceding year.

Diving deeper into the hierarchy of organizations, between 73% and 84% of the C-suite and senior security authorities encountered an incident in the past year. In contrast, 48% of AppSec professionals reported the same. This variance is also apparent in identifying the top security threats to APIs. A significant 64% of AppSec teams identified web application firewalls as the prime threat, with different job functions observing varied threat vectors.

A few other pivotal insights from the report are:

  • API security’s importance has surged, with 81% of participants acknowledging its increased priority compared to the prior year.
  • About 51% identified the erosion of customer trust and account attrition as the most detrimental aftermath of an API security breach.
  • Equally significant, 48% recognized the financial costs associated with issue resolution, while another 48% felt that decreased productivity was the harshest consequence.
  • Over half of the respondents (53%) now perceive API security as a crucial prerequisite for their operations.
  • Additionally, 53% reveal that their development teams allocate between 26% and 50% of their workload to refactoring and remediation activities.

Read the complete report for an in-depth analysis.