Half of all companies do not have adequate application security visibility

Get a copy of the upcoming book "Secure Operations Technology"

The Ponemon Institute surveyed nearly 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific to understand the risk unprotected applications pose to businesses when running in unsecured environments and how they are addressing this risk.

What is your organization’s primary means of securing applications?

application security visibility

The results indicated a predominant global issue: application breaches are rising and and so are the security risks of running business critical apps in zero-trust environments. However, companies are not adequately investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue.

Risk of application breaches is real

The study shows that nearly 75 percent of organizations likely, most likely or definitely experienced a material cyber-attack or data breach within the last year due to a compromised application. Sixty-four percent of respondents say they are either very concerned or concerned that they will be hacked through an application. Additionally, 54 percent expect the severity of threats to increase in 2018.

Most organizations still don’t invest adequately in app security

Only 25 percent of respondents say their organization is making a significant investment in solutions to prevent application attacks despite awareness of the negative impact of malicious activity (decreased productivity, decline in revenues, lost customers).

Almost half of the business management team (48 percent) believes that app performance and speed are more important than security, whereas 56 percent of IT management ranked performance and security as equally important. 65 percent of companies say they would be spurred to increase application protection measures only after an end user or customer were negatively affected.

Would any of the following factors influence your organization to increase the budget?

application security visibility

App threat analytics enable proactive security posture

The majority (79 percent) of survey respondents agreed the ability to detect application attacks “in the wild” is very important. And nearly half of the survey’s respondents say they would update their application protection solution as frequently as hourly or daily if they had visibility into specific types of attacks being waged against their apps.

“It’s disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring,” says Joe Sander, CEO, Arxan. “It’s backward thinking, and it puts customers at significant risk. You don’t wait until you’re in a car crash to buy car insurance. It’s crucial to place security investments where attacks are happening.”