API security gaps widen despite rising incidents, says survey

A recent survey conducted by Traceable AI has highlighted a concerning trend in the cybersecurity landscape, particularly regarding API security. Despite a rise in API-related security incidents over the past year, an even smaller percentage of organisations have implemented dedicated API security solutions compared to 2023. The survey, part of Traceable AI's second annual study unveiled at the RSA Conference, gathered insights from over 125 cybersecurity professionals.

The findings indicate significant gaps in API management and security. Notably, only 42% of the surveyed organisations have an API security solution in place, a drop from previous years. Additionally, the study reveals that 20% of respondents are uncertain if their organisation is securing APIs at all, a 9% increase from the past year.

Another critical insight is that half of the organisations surveyed do not have a dedicated team member or team responsible for API security, marking a 10% increase from the previous year. Instead, the responsibility for API security is increasingly falling to Chief Information Security Officers (CISOs), with 44% of respondents indicating that API security is now under the CISO's purview, up 6% from last year.

Despite the managerial shifts, the study suggests that many companies continue to struggle with API sprawl. Although the percentage of respondents who reported issues or uncertainty regarding API sprawl has decreased by 10% since last year, the majority (56%) either still struggle with API sprawl or are unsure about their company's effectiveness in managing it.

The survey also illuminates the rising threat landscape. In 2024, 14% of respondents confirmed their organisation experienced an API attack in the last 12 months, a significant increase from the previous year's minimal reports. Meanwhile, one in four respondents admitted to being unsure whether their organisation had fallen victim to such an attack.

The data underscores the critical need for robust API security measures as businesses increasingly integrate digital transformation into their operations. Secure API practices are essential for safeguarding against potential breaches, maintaining consumer trust, and complying with regulatory standards.

During the RSA Conference, Traceable AI announced the launch of the industry's first generative AI API security capabilities. These new features aim to protect the APIs that facilitate connections between large language models (LLMs) and other application services. The initiative is designed to assist enterprises in balancing the adoption of AI technologies with the need to secure their digital ecosystems effectively.

The methodology of the survey involved Traceable AI speaking directly with security professionals attending the RSA Conference 2024. This approach provided first-hand insights into the experiences and challenges faced by these professionals concerning API security risks. The gathered data was anonymised and compiled to generate a comprehensive report that informs the industry of prevailing trends and patterns in API security.

Given the increasing frequency of API-related incidents and the identified deficiencies in existing security measures, the report serves as a vital call to action for organisations to prioritise API security within their cybersecurity strategies. Ensuring dedicated resources and leveraging advanced security capabilities, such as those introduced by Traceable AI, may prove crucial in mitigating the risks associated with API vulnerabilities.