API vulnerabilities: 74% of organizations report multiple breaches

A new study provides a comprehensive global perspective on the state of API security, exposing critical vulnerabilities and their far-reaching consequences. 

The 2023 State of API Security Report is based on insights from 1629 cybersecurity experts across the United States, the United Kingdom and the European Union, paints a concerning picture of the API security landscape. 

One of the most alarming revelations is the sharp increase in API-related data breaches. Within the past two years, 60% of organizations surveyed reported at least one breach, with a substantial 74% experiencing three or more incidents. DDoS attacks emerged as the primary method, accounting for 38% of breaches. This, coupled with other attack vectors, significantly expands organizations’ potential attack surfaces, according to 58% of respondents. 

The research also highlights a lack of understanding and confidence in API security. Only 38% of experts felt capable of discerning the nuances of API activities, user behaviors and data flows. Traditional security solutions, including Web Application Firewalls (WAFs), came under scrutiny, with 57% doubting their effectiveness in distinguishing genuine from fraudulent API activity. 

Looking ahead, 61% of respondents anticipate escalating API-related risks in the next two years. Organizations are grappling with challenges such as API sprawl (48%) and the accurate inventory management of APIs (39%). On average, organizations maintain 127 third-party API connections, yet only 33% expressed confidence in securing these external threats.