Insights / Research Report / Securing the API Attack Surface
August 24, 2023

Securing the API Attack Surface

Melinda Marks
Practice Director

Market Topics


Research Objectives

Organizations across industries improve their productivity, innovation, and customer service with an increase in web, mobile, and cloud applications leveraging microservices architectures. But this brings an increase in APIs connecting application components and resources. Organizations rate APIs as the element in the cloud-native stack most susceptible to attack, and attacks stemming from insecure APIs were the most commonly identified cybersecurity incident tied to cloud-native app development over the last 12 months. As the number of APIs continues to grow, security risk increases.

As a result, organizations need effective API security solutions to reduce risk as cloud-native development scales and help their teams discover, manage, configure, monitor, and protect their APIs to keep pace with modern software development. To gain further insight into these trends, TechTarget’s Enterprise Strategy Group surveyed 397 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and managing API security solutions.

This study sought to answer the following questions:

  • Approximately what percentage of public-facing web applications are based on a microservices, cloud-native architecture today? How is this expected to change, if at all, over the next 24 months?
  • How frequently do organizations’ developers (and/or DevOps teams) deliver new software builds to production? How is this expected this change, if at all, over the next 6 to 12 months?
  • What security challenges do organizations face with the faster development cycles of CI/CD?
  • What is the average number of APIs per application? What proportion of cloud-native applications use APIs today? How is that expected to change, if at all, over the next 24 months?
  • Have organizations experienced a security incident related to insecure APIs in the last 12 months? What type of security incident(s) did organizations suffer as a result of insecure APIs?
  • What are the biggest challenges organizations have faced with API security? What types of API vulnerabilities are of greatest concern?
  • How long does it typically take for organizations to remediate an API vulnerability? How do organizations ensure APIs do not expose sensitive data?
  • How would organizations describe the collective level of understanding their development teams have of security risks for APIs?
  • Do organizations provide formal API security training to their development teams?
  • When new APIs are published, when does the team responsible for securing them become involved?
  • What is the source from which API security is funded, or will likely be funded? Do organizations expect to increase their spending on API security technologies, services, and personnel over the next 12-18 months?
  • What do organizations expect to increase their API security spending on the most over the next 12-18 months?
  • What actions do organizations expect to take over the next 12-18 months to implement or optimize their web application and API protection strategies?

Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.


Already an Enterprise Strategy Group client? Log in to read the full report.
If you are not yet a Subscription Client but would like to learn more about accessing this report, please contact us.

Unparalleled insights from analysts with an "insider" perspective

From strategy and product development to competitive insights and content creation, we deliver high-quality, actionable support services.