A recent report by Noname Security highlights the increasing number of API security incidents, indicating a concerning trend in data breaches and the expanding attack surface [1].


The report reveals that within the past two years, 74% of organizations have experienced at least three API-related data breaches, suggesting a rise in breaches [1]. Furthermore, the study found that 88% of organizations utilize over 2,500 cloud applications, which significantly increases the attack surface. The sheer volume and diversity of APIs further contribute to the risk [1]. Interestingly, the report also uncovers varied perceptions about API risk, with some organizations underestimating its importance [1]. Notably, UK businesses prioritize API security more than US businesses [2], and UK respondents have experienced more API security incidents in the last year [2]. The impacts of these incidents for UK respondents include fees [2], loss of customer goodwill [2], churned accounts [2], and loss of productivity [2]. Consequently, API security is now seen as a necessary requirement and a business enabler by UK respondents [2]. The most common attack vectors experienced by UK respondents are Network Firewalls [2], Web Application Firewalls [2], and API Gateways [2]. While the visibility of API inventories has improved [2], some respondents have a full inventory without knowledge of which APIs return sensitive data [2]. Real-time API security testing has also increased among UK respondents [2]. These findings underscore the importance of prioritizing API security in the face of increasing incidents [2].


The rising number of API security incidents necessitates a proactive approach to mitigate the risks associated with data breaches and the expanding attack surface. Organizations must prioritize API security to avoid the detrimental impacts such as financial losses, damage to reputation, and decreased productivity. Additionally, the findings highlight the need for ongoing efforts to improve visibility and understanding of API inventories, as well as the importance of real-time API security testing. By addressing these challenges, organizations can better protect their data and ensure the integrity of their systems in the future.


[1] https://www.darkreading.com/attacks-breaches/silent-threat-of-apis-what-new-data-reveals-about-unknown-risk
[2] https://itsupplychain.com/noname-securitys-api-security-report-reveals-api-security-incidents-are-rising/