State of API Security
2023 Global Findings

60% reported a data breach in the past two years. Of these, 74% had at least 3 API-related breaches. Alarmingly, 40% had five or more, and 11% faced over seven, stressing the dire need for enhanced API security.

Our survey underscores that DDoS attacks stand out as the predominant API attack method resulting in a breach, with 38% of respondents confirming this.

Intriguingly, fraud and known attacks are neck and neck for the second spot, each cited by 29% of participants as a major cause of data breaches.

A significant 58% of respondents either strongly agree or agree with the assertion that APIs expand the attack surface across all layers of the technology stack. This highlights a widespread recognition of the risk introduced by APIs, despite their indispensable role in the digital landscape.

Securing APIs presents a dynamic set of challenges for organizations. Topping the list, as reported by 48% of respondents, is preventing API sprawl, reflecting the rapid proliferation of APIs in the modern enterprise. The second most pressing challenge, identified by 39%, is maintaining an accurate inventory of APIs, followed by managing third-party access to APIs, at 30%.

34% of organizations feel uncertain about the efficacy of their tools like WAF and WAAP, rating them as moderately effective (scores of 5 or 6). Meanwhile, 23% rate theirs as less effective (scores of 1 to 4). Although 43% find their solutions more satisfactory (scores of 7 to 10), it underscores that over half aren’t fully confident in their API security measures.

We’re honored to have Larry Ponemon, the founder of the Ponemon Institute, and Richard Bird, the Chief Security Officer of Traceable, as our distinguished speakers. Together, they will unpack the report’s findings, and offer their expert analysis and recommendations.