Salt Security

39% of organizations adhere to the NIST Cybersecurity Framework for API development and deployment.

50% of security leaders have slowed a new application rollout due to API security concerns.

14% of organizations oversee 1,001 or more APIs.

17% of organizations were 'not very confident' in the accuracy of their API inventories.

30% of organizations are in the planning stage for their API security programs.

23% of organizations identify leveraging AI/ML capabilities for business insights or automation as a main driver behind the use of APIs.

52% of organizations identify development efficiencies and/or standardization as a main driver behind the use of APIs.

15% of organizations admitted they do not know which APIs expose PII.

61% of all organizations reported modest increases (≤15%) in their API security budgets.

21% of organizations have basic API security programs focused on risk assessments or manual reviews.

10% of organizations raised their API security budgets by 0–5%.

42% of organizations reported managing 101–500 APIs.

11% of organizations adhere to NIS2 for API development and deployment.

36% of organizations say GenAI is somewhat concerning for API security.

4% of organizations do not perform or have no formal assessment of their API security measures.

18% of organizations perform security audits to assess the effectiveness of their API security measures.

42% of organizations conduct code reviews and security testing.

12% of respondents identified that their company's API program doesn’t invest enough in pre-production security.

13% of organizations experienced explosive API growth of 101–200%.

35% of organizations adhere to the OWASP API Security Top 10 for API development and deployment.

43% of organizations are using specialized AI security tools.

18% of organizations said increased developer productivity is a metric for measuring API security ROI.

Only 7% of organizations reported increases in their API security budgets greater than 21%.

41% of organizations use vulnerability scanning to assess the effectiveness of their API security measures.

29% of organizations identified account misuse or other fraud as the most common API security problem.

12% of organizations cited a lack of investment in pre-production security for their API programs.

26% of organizations are adopting governance frameworks to establish rules for AI use in development.

15% of organizations said their API programs do not adequately address runtime or production security.

Only 3% of organizations indicated they do not know how many APIs they are responsible for.

45% of organizations identify digital transformation initiatives as a main driver behind the use of APIs.

12% of organizations manage 501–1,000 APIs.

16% of respondents pointed to resource or staffing shortages as the primary barrier to implementing a strong API security program.

33% of security leaders have suffered an API incident in the past year.

35% of organizations identify cloud migration as a main driver behind the use of APIs.

4% of organizations reported API increases of 201–300%.

25% of respondents pointed to budget limitations as the primary barrier to implementing a strong API security program.

7% of respondents pointed to time constraints as the primary barrier to implementing a strong API security program.

11% of respondents pointed to tooling/solutions gaps as the primary barrier to implementing a strong API security program.

10% of respondents identified that their company's API program doesn't focus enough on fleshing out requirements and documenting.

2% of organizations adhere to other specific security standards or frameworks for API development and deployment.

Only 19% of organizations were 'very confident' in the accuracy of their API inventories.

55% of organizations were only 'somewhat confident' in the accuracy of their API inventories.

8% of organizations were 'not at all confident' in the accuracy of their API inventories.

11% of organizations said their API security budget did not increase.

21% of organizations rely on regular penetration testing to assess the effectiveness of their API security measures.

4% of organizations do not know what specific security standards or frameworks they adhere to for API development and deployment.

57% of organizations train developers on secure coding practices for AI-generated code.

18% of organizations said lower enterprise risk score is a metric for measuring API security ROI

51% of organizations are still in planning or basic stages of API security maturity.

28% of organizations manage between 1 and 100 APIs.