Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they have become a much more prominent part of the cyber threat landscape. API-related hacks and data breaches have impacted organizations in all industries and in all geographic regions. For affected organizations, the result has been dramatically higher remediation and legal costs. To mitigate the security risks that APIs present, organizations must now develop cost-effective strategies to secure them and reduce remediation costs.
An overview of the current API security landscape
In the recent report Quantifying the Cost of API Insecurity, Marsh McLennan researchers revealed that in 2020 alone, API use by the Financial Services industry grew by an estimated 125%, while traffic from the Healthcare industry ballooned by more than 400%. The following year, health monitoring API use increased an additional 941%, suggesting that the current API adoption trend shows no sign of slowing.
As enterprises have expanded API adoption, the costs of mitigating the risk that comes along with it have risen. In the last few years, multiple high-profile organizations have fallen prey to API breaches, exposing billions of personal and company records and costing companies millions of dollars. As the number of APIs continues to grow, data protection regulations expand, and malicious actors refine their tools, these trends will accelerate – underscoring the need to invest in robust and effective API protection strategies.
The cost of API insecurity
Marsh McLennan researchers combined their collected API security incident data, the raw API-related incident proportion, and the underreporting factor to develop an estimated API-related frequency range of 4.1-7.5%. Researchers then applied the percentage range of events from API issues to develop the estimated amount of loss attributed to API-related events. Here are their API-related loss estimates:
- USD 12-23 billion: Average annual API-related cyber loss in the US alone
- USD 41-75 billion: Average annual API-related total cyber loss worldwide
- USD 205-376 million: Average annual API-related global insured cyber loss
For a more detailed account of the costs of API insecurity, along with an in-depth analysis of API-related security trends and events by geography, company revenue, and geographic location, download the report, Quantifying the Cost of API Insecurity.
The Imperva approach to API security
Organizations that make a sensible upfront investment in API security see their API-related security costs decrease markedly, even as their API adoption continues to increase.
Imperva API Security provides protection that is not dependent on any one gateway. While the service offering can be quickly deployed by Imperva Cloud Web Application Firewall (WAF) customers, DevOps and DevSecOps teams can easily deploy Imperva API Security as a standalone solution in any legacy or cloud-native environment.
With a single solution, Imperva API Security protects both public-facing and backend APIs without slowing down development teams, and it works across legacy, hybrid, and cloud-native environments. This includes Kubernetes, legacy monolithic apps, standalone microservices, web proxies, or API gateways that integrate with other existing infrastructure.
Imperva API Security quickly detects REST APIs to enable the creation of a positive security model. The solution automatically updates API inventories to ensure security teams keep pace with developers who frequently modify APIs in production.
As organizations gain visibility beyond the API endpoint and into each API’s underlying payload, business leaders in highly regulated industries can more rigorously enforce an API governance model and stop potential data breaches.