State of API Security
2023 Global Findings

Global State of API Security survey investigates API data breaches, API sprawl, ownership, governance, zero trust, and the path to a secure future.
The Industry's First Global Survey on the Reality of API Risk
  • 1629 Respondents
    Cybersecurity experts from C-suite to security engineers.
  • 100+ Countries
    United States, United Kingdom, and EMEA
  • 6+ Major Industries
    Financial Services, Healthcare, Retail, Insurance, High-Tech, SaaS, and more.
2023 State of API Security:
Global Findings
This research report is a collaborative study with the Ponemon Institute that surveyed 1629 respondents across over 100 countries and over 6 major industries. Respondents' organizations ranged from those with at least 1000 employees to those with over 75,000 employees.

The survey tackles the complexities of API-related data breaches, API sprawl, API ownership, attacks and exploits, fraud and abuse, as well as the adoption of Zero Trust methodologies.

Download to access over 50 key insights on API Security.
Organizations Are Losing the Battle to Secure APIs
74% Report at least 3 API-related Data Breaches in the Past Two Years.

60% reported a data breach in the past two years. Of these, 74% had at least 3 API-related breaches. Alarmingly, 40% had five or more, and 11% faced over seven, stressing the dire need for enhanced API security.

DDoS, Fraud, and API Attacks Are Top API Breach Methods

Our survey underscores that DDoS attacks stand out as the predominant API attack method resulting in a breach, with 38% of respondents confirming this.

Intriguingly, fraud and known attacks are neck and neck for the second spot, each cited by 29% of participants as a major cause of data breaches.

58% of Respondents State that APIs Expand the Attack Surface

A significant 58% of respondents either strongly agree or agree with the assertion that APIs expand the attack surface across all layers of the technology stack. This highlights a widespread recognition of the risk introduced by APIs, despite their indispensable role in the digital landscape.

48% of Organizations Report that API Sprawl is their Top Challenge

Securing APIs presents a dynamic set of challenges for organizations. Topping the list, as reported by 48% of respondents, is preventing API sprawl, reflecting the rapid proliferation of APIs in the modern enterprise. The second most pressing challenge, identified by 39%, is maintaining an accurate inventory of APIs, followed by managing third-party access to APIs, at 30%.

Majority Are Not Confident in WAF, WAAP or Lifecycle Management Tools to Protect APIs

34% of organizations feel uncertain about the efficacy of tools like WAF and WAAP, rating them as moderately effective (scores of 5 or 6). Meanwhile, 23% rate theirs as less effective (scores of 1 to 4). Although 43% find their solutions more satisfactory (scores of 7 to 10), the results show that over half aren’t fully confident in their API security measures.

Join the Conversation on the State of API Security
Exclusive Webinar: State of API Security - Global Findings

We’re honored to have Larry Ponemon, the founder of the Ponemon Institute, and Richard Bird, the Chief Security Officer of Traceable, as our distinguished speakers. Together, they will unpack the report’s findings, and offer their expert analysis and recommendations.

Additional Key Findings

Solutions are needed to stop third-party risks and data exfiltration events happening through APIs

An average of 127 third parties are connected to organizations’ APIs and only 33 percent of respondents say they are effective in reducing the risks caused by these third parties’ access to their APIs. Only 35 percent of respondents say they are effective in identifying and reducing risks posed by APIs outside their organizations and 40 percent say they are effective in identifying and reducing risks within their organizations.

One reason is that most organizations do not know how much data is being transmitted through the APIs and need a solution that can detect and stop data exfiltration events happening through APIs.

61% of organizations anticipate that API risk will increase or significantly increase over the next 24 months

The anticipation of API risk in the near future showcases a notably cautious outlook among organizations. A significant majority, totaling 61%, expect the risk associated with APIs to either increase or significantly increase over the next 12 to 24 months.

This suggests a prevailing sentiment that as the digital landscape continues to evolve, so too do the challenges and threats associated with it. Only 15% of respondents believe the risk will decrease, hinting at the urgent need for better API management and security solutions in the rapidly changing tech environment.

Financial loss, loss of intellectual property, and brand value erosion are top consequences of API-related data breaches

Financial consequences and loss of intellectual property (IP) rank equally as the most severe, both experienced by 52% of the affected organizations.

Not far behind, brand value erosion was reported by 50% of respondents, underlining the substantial reputational risks involved. Operational disruptions were faced by 37%, indicating how breaches can fundamentally affect a company's core functionality.
