A new survey highlights the widespread nature of API security incidents and the lack of full inventories of potentially dangerous APIs.

A report released this week by OpinionMatters and commissioned by Noname Security found that more than three out of four senior cybersecurity professionals in the US and UK said that their organization had experienced at least one API-related security incident within the last 12 months.

A similar number, 74%, said that they had not completed a full inventory of all APIs in their systems, or did not have full knowledge of which ones could return sensitive data. The most common security gaps identified were dormant APIs—APIs that have been ostensibly replaced but remain in operation—authorization vulnerabilities, and web application firewalls.

With that said, a strong majority—71%—also said that they were confident in the API security provided by their communications service provider, indicating, according to Noname, that there’s a level of complacency at work around the topic.

“There is clearly a disconnect between what is happening in the real world, and organizational attitudes towards API security,” the report said. “The level of misplaced confidence around API security is disproportionately high in comparison to the number and severity of API-related breaches. This points to the need for further education by security, [application security], and development teams around the realities of API security.”

Digital transformation, the report added, will only make API security more important as time goes on.
The authors cited a Gartner report that said that API-related breaches could become the most common type of security incident as of this year.

Utility, manufacturing sectors have biggest API security issues

The most vulnerable industries, according to the survey, were energy and utilities, as well as manufacturing—78% of respondents in the former industry reported some type of API breach in the previous year, as well as 79% in the latter. Only 19% of energy and utility company respondents reported having a full API inventory or full insight into which of their APIs were potential points of vulnerability.

UK respondents were slightly more likely to have real-time insight into their potential API vulnerabilities, as well as a better sense of overall API inventory—14% of UK respondents reported real-time testing, with just 8% of US users saying likewise, and 28% said they had fully inventoried their APIs and potentially sensitive data, compared to 24% for US respondents.