Share

Report: 681% increase in API attacks for customers in 2021

Close-up photograph of a woman's hands working with her laptop with an API security interface superimposed.
Image Credit: Getty Images

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


A new report from Salt Labs, the research division of Salt Security, found that Salt Security customers experienced a 681% increase in API attack traffic over the past year while their overall API traffic grew 321%. This steep rise in malicious API security calls is causing delayed production rollouts and a lack of confidence in API security strategies, ultimately harming business innovation.

2021 saw a significant rise in API security incidents as organizations continued to transform their ways of working and as developers built more applications and APIs for an ever-growing number of services. Attackers also changed their tactics to target APIs more frequently. As a result, 95% of survey respondents reported having suffered an API security incident in the past 12 months.

Despite these security incidents, the average number of APIs in use per customer increased 221% over the last 12 months, growing from 42 in December 2020 to 135 in December 2021. Taking the 221% increase in APIs with the 321% growth in overall API call volume, Salt Security customers are using their APIs far more frequently. Twenty-six percent of survey respondents reported they use at least twice the number of APIs as a year ago and 5% using more than triple the APIs. However, API security concerns continue to impede innovation with 62% of respondents delayed deploying applications into production because of API security concerns. Organizations face an urgent need to reduce the risk around APIs to continue to innovate quickly and support business growth.

Nearly every company is finding security problems in their production APIs. Vulnerabilities are the leading challenge, with 39% of respondents identifying them in their production APIs.

Accordingly, stopping API attacks remains the #1 security priority for surveyed enterprises for the third time in a row (42%). There was additional upside in the results of this edition of the report as well — API security is universally changing how security teams work for the better. More than a third of respondents (34%) reported that security is collaborating more with devops, and another 30% cited that devops is seeking input from security teams to shape API guidelines. An additional quarter of respondents (25%) have security engineers getting embedded with devops teams, which is driving real progress toward DevSecOps adoption.

The report drew on a mix of survey results and anonymized data, including responses from more than 250 security, application and devops executives and professionals, and aggregated empirical customer data from the Salt Security API Protection Platform.

Read the full report by Salt Labs.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.