Akamai has released a new study showing that organizations are deploying APIs without the necessary security and testing, leaving them vulnerable to attacks once published. Now in its fourth year, Akamai’s API Security Impact Survey provides a global view of the state of protection, based on responses from 1,840 security professionals across six industries and countries.
The study shows that API attacks continue to increase. 87% of respondents experienced an API security incident in the last year, up from 76% in 2022. On average, organizations experienced 3.5 API-related security issues in the last 12 months, with an average cost of almost €600,000 per event.
For the coming year, 38% of security teams name protecting AI technologies as their top cybersecurity priority. Additionally, 42% of professionals say the APIs underlying their AI applications, agents, and large language models (LLMs) were subject to cyberattacks over the past year. These findings validate recent Akamai research that identified APIs as the primary attack surface for cybercriminals.
API visibility, a worsening problem
The survey results show that organizations increasingly lack visibility into APIs, a problem that has been exacerbated by the implementation of AI. Only 27% of companies with full API inventories know which ones expose sensitive data, down from 40% in 2022.
Other findings include the following:
● Almost all financial services respondents (96%) were victims of an API attack in the last 12 months.
● The industries with the highest cost per incident were the energy and utilities sectors (731,000 euros), manufacturing (622,000 euros), and health and life sciences (616,000 euros).
● Nearly 80% of companies consider API security one of their top three cybersecurity priorities.
● 40% of managers say they have a high level of maturity in advanced API testing, compared to 28% of DevSecOps teams. This points to a discrepancy between management perception and the operational reality of implementation teams.
● Just over half of organizations (53%) have staff dedicated to API security.
“The rapid expansion of the API attack surface means that organizations that rely heavily on APIs face compromised visibility and high risks that can have an economic impact,” said Sean Lyons, senior vice president and general manager of Application and Infrastructure Security at Akamai. “The number of APIs is increasing rapidly and most companies are not able to keep inventories up to date. If you’re adopting AI, API security should be part of the design from the beginning. To fully trust the AI systems you are building, you need a solid foundation.”
The report’s recommendations to help companies strengthen their API security strategies include filling visibility gaps by detecting and creating an inventory of all APIs that are linked to LLM and AI applications, integrating security testing and controls throughout the API lifecycle, and treating API security as a prerequisite for trustworthy AI.
