According to a Noname Security report, API security is more of a priority than it was 12 months ago. Confidence in respondents’ ability to tackle such incidents has shot up from 67% to 94% saying they are confident that their current application testing tools are capable of testing APIs for vulnerabilities in 2023.
Over three-quarters (78%) of respondents have suffered an API security incident in the last 12 months, an increase from the 2022 report. The primary causes or top attack vectors cited were web application firewalls (26%), network firewalls (20%) and API gateways (18%).
The report findings show visibility of API inventories has improved. Nearly three-quarters (72%) of cybersecurity professionals have full API inventories, but of those, 40% have visibility into which return sensitive data. This represents a year-on-year increase (67%) of those that had a complete inventory in 2022.
Over two-thirds of U.S. respondents (69%) admitted they had experienced an API security incident in the last 12 months, down from 77% in 2022, whereas 85% of U.K. respondents said they suffered an incident in the last 12 months, a 10% year-on-year increase from the year prior.
Between 73% and 84% of C-suite and senior security professionals said they had experienced an incident in the last 12 months, and 48% of AppSec professionals said the same. This disparity extends to the top security attack vectors for APIs, with 64% of AppSec teams citing web application firewalls as the top attack vector for APIs, with more of a spread across other job functions.
Other key findings include:
- 81% of respondents stated that API security is more of a priority now than it was 12 months ago.
- 51% cited loss of customer goodwill and churned accounts as the biggest impact of an API security incident.
- 48% cited fees incurred to help fix the issues, and similarly, 48% said loss of productivity was the biggest impact.
- 53% now view API security as a necessary requirement for their business.
- 53% say their developers spend between 26% and 50% of their time on refactoring and remediation.
Read the full report here.