Companies are not investing in application security measures until after breaches occur, resulting in lost productivity, customer trust and revenue, and at the same time they could use more visibility into what is truly happening, a new study found.
That comes on the heels of research showing application breaches are rising, as are the security risks of running business-critical apps in zero-trust environments.
In an effort to understand the risk unprotected applications pose to businesses when running in unsecured environments and how they are addressing this risk, the Ponemon Institute, in a study sponsored by security provider Arxan, surveyed 1,400 IT and IT security practitioners in the United States, European Union and Asia-Pacific.
“It’s disturbing that so many companies acknowledge the increasing risk of application attacks, yet they are doing very little to prevent breaches from occurring,” said Joe Sander, chief executive of Arxan, which sponsored the research. “It’s backward thinking, and it puts customers at significant risk. You don’t wait until you’re in a car crash to buy car insurance. It’s crucial to place security investments where attacks are happening.”
The study found nearly 75 percent of organizations likely, most likely or definitely experienced a material cyber-attack or data breach within the last year due to a compromised application.
In addition, 64 percent of respondents said they are either very concerned or concerned they will be hacked through an application, and 54 percent expect the severity of threats to increase this year.
On top of that, 25 percent of respondents said their organization is making a significant investment in solutions to prevent application attacks despite awareness of the negative impact of malicious activity (decreased productivity, decline in revenues, lost customers).
Forty-eight percent of the business management team said application performance and speed are more important than security, but 56 percent of IT management ranked performance and security as equally important. However, 65 percent of companies said they would hike application protection measures only after an end user or customer suffered a negative experience.
Seventy-nine percent of respondents said the ability to detect application attacks “in the wild” is very important.
Nearly half of respondents said they would update their application protection solution as frequently as hourly or daily if they had visibility into specific types of attacks being waged against their apps.
“This is a big deal, it’s not pocket change,” said Rusty Carter, vice president of product management, Arxan. “The average data breach costs almost $4 million when you include lost customers, the impact to operations, and your insurance costs going up. Companies have to change the way they think about investing in app security because threats are only getting worse.”