APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution

Additional highlights include:

• 40% of organizations do not have a dedicated API security professional or team.
• API security ownership remains fragmented between different teams, with 38% of respondents claiming the CISO owns it, while 25% claim Development and/or DevOps takes ownership; and 24% of respondents simply don’t know.
• The majority of respondents (66%) either struggle with API sprawl, or do not know if their company is managing API sprawl effectively.
• 40% of cybersecurity professionals’ companies don’t have an API security solution, and 29% are unsure if their organization is securing APIs at all.
• Among those who have adopted API security tools, 25% of professionals’ solutions can’t baseline API behavior and identify abnormal activity potentially indicative of an API attack; a staggering 50% of respondents were not sure if their API security solution had these capabilities.

“With APIs being a universal attack vector and the cause of some of the biggest data breaches in recent years, it’s very concerning to find out that 40% of organizations do not have a dedicated API security professional or team to tackle this problem, with 23% unsure if they had a team at all. Equally concerning is that 40% of organizations do not have an API security solution in place,” said Richard Bird, Chief Security Officer at Traceable. “In the past, hackers had to devise strategies for getting around existing defenses in order to locate data and interfere with systems. Now, they can simply exploit an API and obtain access to sensitive data without even exploiting the other solutions in the security stack. This is why more organizations need to take API security seriously and make it an integral part of their broader cybersecurity strategy.”

During RSA,Traceable also continued its commitment to API security with the announcement of its Zero Trust API Access solution, the first-of-its-kind solution that actively reduces your attack surface by minimizing or eliminating implied and persistent trust for your APIs. The announcement followed the news that Zero Trust pioneer John Kindervag and “Dr. Zero Trust” Chase Cunningham have joined Traceable as advisors.

To learn more on how API security can help your business, visit https://www.traceable.ai/request-a-demo.

Methodology

To better understand the state of API security at the RSA Conference 2023, Traceable conducted a survey on the show floor. The team spoke with over 100 security professionals about their recent experience, struggles, and how they are dealing with a new era of threats – specifically API security risks in their organization. Traceable anonymized and compiled this data to produce a report to inform the industry on the trends and patterns of API security.

About Traceable

Traceable is the industry’s leading API Security company that helps organizations achieve API protection in a cloud-first, API-driven world. With an API Data Lake at the core of the platform, Traceable is the only intelligent and context-aware solution that powers complete API security – security posture management, threat protection and threat management across the entire Software Development Lifecycle – enabling organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help protect your business, book a demo with a security expert.

Sam Aurilia
Touchdown PR
[email protected]

SOURCE Traceable AI