Only 27% of respondents know which APIs return the sensitive data that attackers seek
CAMBRIDGE, Mass., Nov. 13, 2024 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced new research showing that while API attacks are rising, visibility into API risks that open doors for attackers is declining. Now in its third year, the API Security Impact Study (formerly the API Security Disconnect) explores the state of API protection based on a survey of 1,207 security leaders and practitioners across the United States, United Kingdom, and Germany.
The study finds that 84% of respondents experienced an API security incident over the past 12 months. This marks the third straight year of increased incursions and marks an all-time high (up from 78% in 2023). The number is also consistent with recent Akamai research that shows a rise in API attacks.
Although API incursions are up, the percentage of participants who have a full API inventory and know which APIs exchange sensitive data dropped from an already low 40% in 2023 to just 27% in 2024. According to the May 2024 Gartner® Market Guide for API Protection: "Current data indicates that the average API breach leads to at least 10 times more leaked data than the average security breach." This suggests API security will be a major issue for the foreseeable future.
The API Security Impact Study surveyed security leaders from the following industries: financial services, retail/ecommerce, healthcare, government/public sector, manufacturing, energy/utilities, automotive, and insurance. Energy/utilities reported the highest number of API security incidents (91%), yet that industry ranked API security as their lowest priority among the 13 options given. Conversely, retail/ecommerce reported the lowest number of API incidents (68%) and cited API security as a top priority (21.3%) — higher than any other industry surveyed.
Other findings of the survey include:
"Our research shows that API security has yet to become a key element in a comprehensive security strategy," said Rupesh Chokshi, Senior Vice President and General Manager, Application Security, Akamai. "Organizations mostly treat API threats as emerging, when the attack data — as well as the financial impact and stress on security teams — shows they keep growing. We believe that the API Security Impact Study will help companies to better assess API protections and improve them where needed."
The study offers not only insights about survey findings but also recommendations that security teams can use to enhance their API security strategies. This includes undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, and implementing runtime detection to differentiate between "normal" and "abnormal" API activity.
The API Security Impact survey was conducted by Opinion Matters between June 12, 2023, and July 7, 2024.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense-in-depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contact
Jim Lubinskas
Akamai Media Relations
703.907.9103
jlubinsk@akamai.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/new-study-finds-84-of-security-professionals-experienced-an-api-security-incident-in-the-past-year-302303810.html
SOURCE Akamai Technologies, Inc.