The majority of these APIs are not documented or monitored. Even worse, the vast majority of them have no security strategy in place to protect their API assets from cyber attacks and vulnerabilities.
4. Lack of Security Maturity for API Development Teams
Most enterprises do not have a dedicated team that is responsible for API security. This lack of maturity is evident when you look at how organizations approach API development: 41% treat their APIs the same as Web applications; only 18% have a dedicated process for evaluating API security; and only 12% require developers to document all new APIs before they go into production (see Figure 2)
Back to Main