Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

APIs are the lifeblood of digital transformation and lie at the heart of corporate strategies for growth and innovation. Nearly all businesses rely on APIs to connect services, transfer data and control key systems. In fact, APIs now drive mission-critical processes across organizations.

The exploding adoption of APIs has also greatly expanded organizations’ attack surfaces, increasing the need for enterprises to focus on API security. But as organizations transition into a multitude of cloud, hybrid and on-premises digital environments, this complexity makes it difficult for security teams to find and fix problems quickly.

In July 2022, Noname Security commissioned a survey from the independent research organization, Opinion Matters, to better understand the state of the API security environment and to examine the challenges facing organizations.

High-level findings

Noname’s research uncovered a level of complacency and potential denial around the risks that APIs present. While 76% of respondents surveyed said that they had experienced an API security incident, there were also high levels of confidence in their existing solutions, with 67% saying they were happy with the protection provided and the API security provided by either CSPs or specialist security providers. A majority, 71%, stated that they were confident and satisfied that they were receiving sufficient API protection.


VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.


Register Now
Image source: Noname Security.

There is clearly a disconnect between what is happening in the real world and organizational attitudes towards API security. The level of misplaced confidence around API security is disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by security, appsec and development teams around the realities of API security.

Overall, the research exposed a disconnect between the high level of incidents, the low levels of visibility, effective monitoring and testing of the API environment, and a level of over-confidence that their tools and providers were preventing attacks.


600 senior cybersecurity professionals in the USA and U.K. were surveyed from across a variety of enterprise organizations in six key vertical market sectors: financial services, retail and ecommerce, healthcare, government and public sector, manufacturing, and energy and utilities.

Read the full report from Noname Security.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.