Today, application security provider Data Theorem announced the release of a new report in partnership with TechTarget’s Enterprise Strategy Group (ESG). ESG surveyed 397 respondents on cloud-native application and API security and found that 92% of organizations experienced at least one API-related security incident in the last 12 months.

The report, scheduled to release on May 5, also revealed that 57% experienced multiple API security incidents, highlighting that many organizations still have a lot more to do to defend cloud-native applications and APIs against threat actors.

This comes just months after a hacker, in January 2023, used a Twitter API vulnerability (shipped in June 2021 and since patched) to compile and leak the account details and email addresses of 235 million users.

API security incidents ‘no surprise’

One of the key challenges unveiled by the research was the transient nature of the attack surface. For instance, 75% of organizations typically changed or updated their APIs on a daily or weekly basis, creating new vulnerabilities in the attack surface for security teams to confront.

“It’s no surprise that most organizations are experiencing API-related security incidents,” said Melinda Marks, senior analyst for ESG, in the announcement press release.

“Modern development cycles bring faster, more frequent product releases and updates, and the growing number of APIs that change on a daily or weekly basis makes it imperative to address the changing attack surface. This rapid rate of change also creates shadow APIs and zombie APIs, which can be hackers’ favorite APIs to exploit because organizations often do not know about them,” Marks said.

However, many organizations are looking to address API security by increasing their spending over the next 12–18 months, investing in API security tools (45%), cloud-native application protection platforms (CNAPPs) (43%), and integrated application security and API security tools (41%).

CNAPPs and API security tools provide automated support in discovering APIs and highlighting potential entry points, giving defenders valuable insight into how to harden their defenses against cyberattacks.