2023年度 CISO現(xiàn)狀報(bào)告

S

tate

of

theCISOA

globalreport

onpriorities,painpoints,

andsecuritygaps2023Surveyconductedby:Table

of

Contents3IntroductionandKey

Findings8SurveyReport

Findings9Two-Thirds

ofCompaniesAre

RollingOutMore

DigitalServicesNow

ThanTwo

Years

AgoNearly90%ofCISOssay

DigitalTransformation

IntroducesUnforeseenRisksTalent

Tops

the

ListofSecurityChallengesResultingfrom

DigitalTransformationLitigationConcernisTop

PersonalChallengeCreatedby

DigitalTransformationSupplyChainandAPIsare

BiggestSecurityControlGapsinDigitalInitiatives78%

ofOrganizationsPlaceaHigherPriorityonAPISecurityNow

vs.Two

Years

AgoNearlyAllCISOsPlantoPrioritizeAPISecurityover

the

Next

Two

YearsAVariety

ofGlobalDevelopmentsare

SignificantlyImpactingCISOsTodayTheStruggletoFindQualifiedCybersecurityTalent

isImpactingDigitalTransformationBoardsofDirectorsare

KnowledgeableaboutCybersecurityWhileSecurityBudgetsHave

Increased,SecuritySpendingPower

hasDecreasedDemographics101112131415161718192022AboutSaltSecurityStateofthe

CISOReport

20232Introduction

andKe

yFindingsStateofthe

CISOReport

20233Introduction

andMethodologyDigitalinitiativesrepresentthe

cornerstoneofbusinessinnovationtoday,

andthe

rolloutofthesenewserviceshashadatremendousimpactoncompaniesaroundthe

globe.Inthissurvey,

we

setouttodiscover

how

the

digital-firsteconomyhasspecificallyimpactedthe

roleofthe

CISO/CSO.

Inadditionto

bringingawarenesstothe

evolvingroleofthe

CISO,

the

surveystrove

todelveintothe

broaderbusinessramificationsofthesechanges,soorganizationscanbetterunderstandhow

digitalinitiativesare

impactingriskandhow

companiescanbetterprotectthemselves.becomeanincreasinglyattractivetargetfor

cybercriminals.Why?

They’rerelativelyeasytohack,attacksare

difficulttodetectandcan’tbefound

by

existingsecuritytooling,andthe

rewards

forsuccessfullyhackingAPIsare

veryhighbecauseAPIstransportcompanies’mostvaluabledigitaldata.Infact,the

attacksurfacehasgrown

sosignificantly,APIs

are

predicted

to

become

thebiggest

security

vulnerability

ever,accordingtoindustryresearchfirmGartner.Whileawarenessofthe

needfor

APIsecurityhasclearlygrown,

itsimplementationisnotyet

pervasive.Thesurveyasked

CISOsaboutthe

effectsofdigitalizationacrossanumberofdifferentdimensions–fromthe

topsecurityandpersonalchallenges,tothe

biggestsecuritycontrolgaps,to

the

struggleto

findgoodtalent,to

the

impactthatglobaltrendsare

having,tothe

cyberknowledgelevel

oftheirboardsofdirectors.Beingonthe

securityfrontlines,CISOsfeel

the

risksofdigitalizationmostsharply.Butthe

potentialimpactofadigitalbreachaffectsthe

entireenterprise,costingorganizationsnotonlyindamageto

theirbrandreputationbutalsoinmitigationcosts,fines,andpotentiallitigation.Therefore,increasingsecurityfor

thesevitaldigitalinitiativesmustbeapriorityfor

the

wholebusiness–notjustthe

securityteam.C-level

executives

mustdotheirpart

to

enableandaidthe

businessbyprioritizingandfundingnewsecurityrequirementscreatedby

digitalization.Digitaltransformationisallaboutmovingfast.To

drivebusinessacceleration,securitymust“notgetinthe

way”whilesimultaneouslyensuringthe

safetyofthe

organization’s

criticaldataandservices.Byclosingthetopsecuritycontrolgapscausedby

digitalization,companiescanhelpalleviatethe

concernthat“movingfastcouldputthe

businessatrisk.”Therapidpaceofthe

digital-firsteconomyhastransformedthe

roleofthe

CISO.

For

CISOsaroundthe

world,the

adoptionofdigitalizationhasmadesecuringcriticaldatamorechallengingthaneverbefore.

Butthe

challengesextendbeyond

businessimpacts.CISOscitemany

personalchallengesthathave

alsoresultedfromthe

accelerationofdigitalization.They

fear

potentiallitigationasaresultofsecuritybreaches,theyhave

morejob-relatedstress,theyworryaboutpersonalliability,andtheyoftendon’thave

enoughtimetofulfillthe

requirementsoftheirjob.Globaltrendshave

alsoplayed

apart

intransformingthe

CISOrole–inparticular,the

speedofAIadoption.AIhasbecomemorewidelyusedby

cybercriminalsacrossthe

globe,givingthemtheabilityto

dramaticallyscaletheirattacksandcauseharmtoorganizations.To

counterthesethreats,CISOsthemselvesmustharnessthe

power

ofAIfor

good,usingitto“catch”andstopAI-drivenattacks,puttingmorepressureonthemtoquicklyadoptnewsolutionstosafeguardtheirandtheircustomers’criticalassets.MethodologyTo

getmoreinsightintocurrentpriorities,securitygapsandpainpointsfor

C-level

securityleaders,we

commissionedasurveyof300CISOs/CSOs.GlobalSurveyzResearch,anindependentsurveycompany,

administeredthe

surveyonline.Respondentsrepresentedcompaniesinthe

US,UK,Western

Europe(France,Netherlands)andBrazil,with500ormoreemployees,acrossavarietyofindustries,includingfinancialservices(includingfintech),healthcare,insurance,pharmaceutical,andeCommerce.Perhapsthe

mostsignificantfindingsare

the

securitycontrolgapsthathave

arisenasaconsequenceofnewdigitalinitiatives.Digitalizationhasgeneratedmultiplesecuritythreatsandrisks,the

biggestamongthemthe

applicationprogramminginterface(API).Foundationaltohow

applicationsare

builttoday,

APIsalsoplay

acrucialroleinothertopareasofCISOconcern,includingthird-partyvendors/supplychainsandcloud-basedapplications.Thishugeandexpandingattacksurfacegivesbadactorsmany

accesspointsintoorganizations’digitalapplicationsanddata.Consequently,APIshaveTherespondentswere

recruitedthroughaglobalB2Bresearchpanelandinvitedviaemailtocompletethe

survey,

withallresponsescollectedduringApril2023.

Theaverage

amountoftimespentonthe

surveywas7minutesand30seconds.Theanswerstomostofthe

non-numericalquestionswere

randomizedtoprevent

orderbiasinthe

answers.Stateofthe

CISOReport

20234Key

FindingsThe

Healthcare

and

Financial

Services

industries

face

the

biggest

security

impact

dueto

the

rapid

pace

of

digital

transformation

initiativesAlmost

half

of

CISOs

worldwide

haveconcerns

that

a

security

breach

in

their

organizationmay

result

in

personal

litigation

and

liability12Theproliferationofmoderndigitalservicesandapplicationscontinuestocomplicatethesecuritylandscapeandintroducenewsecuritycontrolgaps.89%ofCISOsworldwideagreethatmovingfastwithdigitaltransformationcanintroduceunforeseenrisksinsecuringorganizationdata(Figure

2).However,

ofthosewhoagreemoststrongly(37%),the

toptwo

industries(Figure

3)are

healthcare(47%)andfinancialservicesortechnologies(43%),whichmakes

sense,asthesesectorsare

experiencingacomparativelyhighlevel

ofdigitalinnovationanddisruption.Virtuallyallrespondents(99%)admittheyfacepersonalchallengesasaresultofdigitaltransformation(Figure

6),withthe

topconcernsbeingpersonallitigationstemmingfromsecuritybreaches(48%)andincreasedpersonalrisk/liability(45%).Withseveral

high-profileCISOlawsuitsmakingwaves

recently,the

trendofsecurityleadersoptingfor

rolesbelowCISOlevel,

orrequestingindemnification,isgrowing.CISOshave

fearsofbeingfound

personallyliableinthe

event

ofasecuritybreach,potentiallyputtingtheirown

livelihoodatrisk.To

alleviatefears,organizationsneedsecurityprocessesandtoolingthatprovide

CISOswithacomprehensiveviewintopotentialsecurityrisks.Withproven

riskmitigationcapabilities,CISOscanmoreeffectivelydemonstrateandclosesecuritycontrolgaps,gainingreassuranceandloweringtheirconcernsregardingpersonalliability.At

atimewhenthe

CISOroleismoreimportantthanever,

senior-level

companyexecutives

cannotrisklosingthe

bestcandidatestoworriesover

personalriskorlitigation.Becauseofferingdigitalserviceshasbecomecriticalintheseindustriestoremaincompetitiveandmeetconsumerexpectations,healthcareandfinancialservicesorganizationsintroducenewdigitalservicesatafasterpace.Consequently,thesesectorsseemore“pain”andchallengesearlier–andmorefrequently–thaninotherindustries.Paradoxically,the

surveyalsoshowsthatthesesectorshave

the

mostdifficultyjustifyingthe

costofsecurityinvestmentsto

protectnewdigitaltransformationinitiatives(Figure

5),makingthe

CISOroleinhealthcareandfinancialserviceseven

morechallenging.Stateofthe

CISOReport

2023578%

of

CISOs

areprioritizing

API

security

more

highly

than

two

years

ago,

and

95%

ofCISOs

say

API

security

is

a

planned

priority

overthe

next

two

yearsThe

speed

of

AI

adoption

is

the

global

development

most

impacting

the

CISO’s

role34Multipleglobaldevelopmentsare

contributingtothe

complexityofthe

CISOrole,includingmacro-economicuncertainty,the

geo-politicalclimate,andlayoffs

(Figure

11).ButtheleadingglobaltrendimpactingCISOsworldwide–whencombiningrespondents’ratingsofmedium,high,andveryhighimpact–isthe

speedofAIadoption(94%).Withthe

growthofthe

digital-firsteconomyover

the

pastcoupleofyears,the

usageofAPIshasexploded.Asthe

gluethatdrivesalldigitalinitiatives,APIseitherdirectlyorindirectlyimpactmostofthe

topsecuritycontrolgaps.They

alsohave

the

mostpotentialtoimpedethe

successofanorganization’s

digitaltransformationprograms.Giventhe

factthatAPIsare

embeddedintoalldigitalservices,it

’s

notsurprisingthat78%

ofrespondentssay

theirorganizationsare

prioritizingAPIsecuritymorehighlynow,

comparedto2021(Figure

8).Moreover,

CISOssay

APIsecurityprioritizationwillincreasefurther,with95%ofCISOsworldwidereportingtheirorganizationshave

madeAPIsecurityaplannedpriorityover

the

nexttwo

years.Thebiggestsecuritycontrolgapfor

CISOsintheirdigitalinitiatives(Figure

7)issupplychain/third-partyvendors(38%).Becauseeffectivedatasharingacrossthirdparties

andsupplychainsreliesonAPIstofunction,thisgapalsofurther

highlightsthe

APIsecuritypainpoint.Businessinnovation,digitalization,cloudmigration,andeffectiveAPIsecurityare

alltightlyinterrelated.Working

ontheseinitiativesinaunifiedway

helpsbusinessesreducetheirrisk.TheriseofAIinvirtuallyeveryindustryhastransformedthe

securitylandscape,andCISOsworryabouthow

thisdynamicwillaffecttheirorganizations.AIservesasauniquecyberdefensetoolwithitsabilityto

quicklyanalyzelargevolumesofdataandassessandlearnfrompotentialattacks.However,

AIcanalsobeasecuritythreat.Cybercriminalshave

alreadyturnedtoAIfor

itsabilityto

provide

newways

to

attackorganizations’infrastructures.UsingmorewidelyavailablegenerativeAItechnologies,suchasChatGPT,for

example,badactorscangeneratemaliciousemailsandeven

scriptattacksatamuchfasterrate.CISOsmustalwaysunderstandthe

adversary,andthe

adversaryisusingAI.AsCISOslearntonavigatethe

associatedthreatsandsecurityramificationsofAI,theymustalsolearntoharnessAI“defensively”for

theirorganization’s

security.Stateofthe

CISOReport

2023691%

of

CISOs

say

hiring

of

qualified

cybersecurity

talent

remains

a

significant

issue

todeliver

digital

transformation

initiatives5Becausedigitalservicesintroducenewtypesofcybersecurityattacks,itsdefensedemandsnewknowledgeandcapabilities,makingthe

hiringofqualifiedtalentessential.91%ofCISOssay

thatqualifiedcybersecuritytalentiscriticaltotheirabilitytodeliverdigitaltransformationinitiatives(Figure

12).Inaddition,CISOscitethe

lackofqualifiedcybersecuritytalentasthe

topsecuritychallengeresultingfromdigitalization.(Figure

4).Theshortage

ofsufficientlyqualifiedtalentmakesitharderfor

organizationstofindandhirepeoplewhounderstandthe

newtechnologiesandhave

the

skillsnecessarytoaddressthe

newsecurityrisksandchallenges.Moreover,

the

inabilitytofindandretainqualifiedsecuritytalentcanhinderCISOs’–andbusinesses’–successinadigital-firstworld.Asorganizationsacceleratetheirdigitaltransformationefforts,theynaturallyincreasetheuseofAPIsinmany

areasofbusinessandAI.Soit'spromisingtoseethattheirAPIsecurityeffortsare

finallymovingupward.

Sometimescompaniescanbepennywisebutpoundfoolishwhenitcomestosecurityinvestments.Butgiventhe

highcostofmajorpersonaldatabreaches,APIsecurityhastoriseinprominence,anddososharply,inthe

nearfuture.”–AntonChuvakin,securityadvisoratOfficeofthe

CISO,

GoogleCloudWe

are

enteringthe

newrealityofthe

“AI

era”ofcyber.

CISOsknow

thatAIattacksare

evolvingandbecomingincreasinglysophisticated–andthatthey’regrowingatanunprecedentedrate.Withsecurityteamsalreadyatcapacitydefendingabroadattacksurface,the

impactofescalatingAIthreats–aswell

asthe

necessitytoimplementanAIoffense–clearlyweighsheavilyontoday

’s

CISOs.”–EdAmoroso,founderandCEOofTAG

InfoSphereStateofthe

CISOReport

20237Survey

ReportFindingsStateofthe

CISOReport

20238Two-Thirds

of

Companies

Are

RollingOutMore

DigitalServicesNow

Than

Tw

o

Years

AgoTwo

thirds(66%)ofCISOsworldwidesay

thattheyare

deployingmoredigitaltransformationinitiativesnow

comparedtotwo

yearsago.Digitalserviceshave

becomeessentialtodelivermodernbusinessinnovation,maintainacompetitiveadvantage,andgeneraterevenue

growth.Companieslaggingbehindindigitaltransformationinitiativeswillfinditincreasinglydifficulttocompetewiththosewhoare

embracingnewdigitalservicesandthrivingasaresult.Figure

1:

Frequency

of

rolling

out

new

digital

services

compared

to

two

years

ago2%AlotlessAlittleless10%Alotmore25%Aboutthe

same22%Alittlemore41%More,

comparedto202166%Stateofthe

CISOReport

20239Nearly90%of

CISOssay

Digital

Transformation

Introduces

Unforeseen

Risks89%ofCISOssay

thatmovingfastwithdigitaltransformationinitiativesintroducesunforeseenrisksinsecuringcompanydata,whileonly10%slightlydisagreewiththatclaim,andamere1%verymuchdisagree.Figure

2:

Moving

fast

with

digital

transformation

initiatives

canintroduce

unforeseen

risks

in

security

vital

company

data10%1%Figure

3:

“Very

Much

Agree”,

byIndustryVery

muchdisagreeSlightlydisagreeFinancialservicesandhealthcareorganizationsappeartofeel

the

painofdigitalizationmoreacutelythanotherindustries.While37%ofCISOsworldwidesay

they“verymuchagree”thatdigitalservicescreateadditionalrisk,the

numberjumpsto43%for

CISOsinfinancialservicesand47%for

CISOsinhealthcareorganizations.Healthcare

47%FinancialServices/Very

muchagree37%43%Technologies35%33%28%Retail&eCommercePharmaceuticalInsuranceSlightlyagreeFor

theseindustries,inparticular,participatinginthedigitaleconomyisatopbusinesspriority.Theabilityto

innovate

andbringnewservicestomarketquicklyisessentialtomeetchangingcustomerexpectationsintheirsectors.Moreover,

ensuringthe

safetyofcriticalfinancialandpersonalhealthdataintheseindustriesisalsoparamount.52%Agree89%Stateofthe

CISOReport

2023

10Talent

Tops

theList

of

SecurityChallengesResultingfrom

Digital

TransformationCISOsworldwidesay

the

lackofqualifiedcybersecuritytalentistheirbiggestsecuritychallengeresultingfromdigitalization.Newmethodsofsecurityattacksandincreasingrisksrequirenewqualifications.Inaddition,alackofqualifiedtalentalsoincreasescompetitionacrosscompaniestofindandhire

the

rightpeople.Figure

4:

Top

security

challenges

arising

fromdigital

transformation40%36%TalentSoftwareadoptionButatalentshortage

isn’tthe

onlychallengefacingCISOs.Infact,CISOsfacemanychallengesduetodigitaltransformation,andtheyconsidermosttobeofnearlyequallevels

ofconcern.Thisrealityforces

CISOstodevote

timeandresourcestoaddressmultiplechallengessimultaneouslytomitigatesecuritythreatseffectively.Changingenvironments

35%35%34%31%29%28%ComplianceCostjustificationStakeholdersupportBudgetInaddition,while34%percentofCISOSworldwidecite“difficultiesjustifyingthecostofsecurityinvestments”asakey

challenge,thatfigurejumpsfor

financialservicesandhealthcareCISOs,to43%and38%respectively(Figure5).Asseenfrompreviousresponses,financialservicesandhealthcareCISOsexperiencethesecurityrisksofdigitaltransformationmorekeenlythanthe

worldwideaverage(Figure

3).Disturbingly,thesefindingsshow

theyalsoexperiencethe

biggestchallengesinjustifyingnewsecuritycoststo

cover

thoserisks.UserneedsFigure

5:

Difficulty

justifying

cost

of

security

investments,

byindustry43%38%33%28%27%FinancialServices/TechnologiesHealthcareRetail&e-CommerceInsurancePharmaceutical*Questionallowedmorethanoneanswerandasaresult,

percentageswilladduptomorethan100%Stateofthe

CISOReport

2023

11Litigation

Concernis

To

pPersonal

ChallengeCreated

byDigital

TransformationCISOsidentifynumerouspersonalchallengesfromdigitaltransformation(Figure6).At

the

verytopofthe

listare

concernsover

personallitigationstemmingfrombreaches(48%)andincreasedpersonalrisk/liability(45%).Recenthigh-profileCISOlawsuitshave

likelycontributedtotheseconcerns.Figure

6:

Top

personal

challenges

fromdigital

transformationConcernsover

personallitigation48%stemmingfrombreaches45%43%38%37%31%1%Thepotentialimpactoftheseconcernscanbegrave

for

businesses.Anecdotally,we

have

heardofqualifiedCISOsconsideringtakingarolealevel

belowCISO,

andmany

are

requestingindemnificationorinsurancetocompensatefor

the

risk.ThistrendcouldpotentiallyleadtoaleadershipgapandtocompaniespayingCISOshighersalariestoattractthemdespitethe

riskofpersonallitigationassociatedwiththeirjob.Increasedpersonalrisk/liabilityExpandedresponsibilitiesandnotenoughtimetofulfillMorejob-relatedstressBiggerteamstomanageTo

solvethisissue,businessleadersmustcollaboratemorecloselywithCISOsandensurethatappropriateprecautionsare

inplacetoprotectthe

business.Second,CISOsmustbeequippedwithsecuritysolutionsthatprovide

acomprehensiveviewofallvarious,intertwinedrisks.Withgreatervisibilityandcontext,CISOscandemonstrateprogressonriskmitigationandreducesecuritycontrolgaps,loweringthe

riskofpersonalliabilityasaresultofabreach.IfCISOslackthe

neededvisibility,theycan’tdetectorprevent

potentialthreats.LackofpersonaltimeDon'tfaceany

personalchallenges*Questionallowedmorethanoneanswerandasaresult,

percentageswilladduptomorethan100%Inadditiontoupendingmany

traditionalsecurityapproaches,the

digital-firsteconomyhasimpactedalotofusCISOsonaverypersonallevel.

Thefactthatmy

peershighlighted‘concernsoverpersonallitigationstemmingfrombreaches’astheirtoppersonalconcernshouldbealarmingtoeveryoneinthe

industry.Qualifiedleadersmay

decidenottopursuethe

roleiforganizationsdon’thave

the

rightcybertoolsorprocesses,oriftheyconsiderthe

personalrisktoohigh.”–Mike

Towers,

ChiefDigitalTrust

OfficeratTakeda

PharmaceuticalsInternationalStateofthe

CISOReport

2023

12SupplyChainand

APIsare

BiggestSecurityControl

GapsinDigitalInitiativesCISOsidentifysupplychainorthird-partyvendors(38%),APIadoption(37%),andcloudadoption(35%)asthe

topthreesecuritycontrolgapsresultingfromtheirdigitalinitiatives.Figure

7:

Biggest

security

control

gaps

in

digital

initiatives38%37%35%34%33%32%28%27%Supplychain/thirdparty

vendorsAPIadoptionWiththe

growthofthe

digital-firsteconomyover

the

pastcoupleofyears,theusageofAPIshasexploded.Asthe

deliverymechanismfor

sharingdataacrossdigitalservicesandapplications,APIsrepresentthe

key

componentofdigitaltransformation.APIsalsoplay

aparticularlycriticalroleinCISOs’firstandthirdconcerns–supplychain/third-partyvendorsandcloudadoption.Becausethoseservicesrely

onAPIstorun,organizationsmay

beseeinga“doubleimpact”oftheneedfor

APIsecurity,bothtoprotectthe

APIstheyknow

theyare

writingtosupportkey

applicationsandthe

APIsessentialtosupplychainandcloudinitiatives.CloudadoptionIncompletevulnerabilitymanagementOutdatedsoftwareandhardwareShadowITSecurityrequirementshave

grown

exponentiallywithdigitalization,andwe’re

movingfasterthanever

withthosedigitalprojects.Objectivedataonthe

securitychallengesbringsmoreawarenesstothe

problemsetandhelpsuscraftways

to

work

togethertocreateastrongerandsafercybersecurityculture.”ZerotrustInsiderthreats–JulieChickillo,VP,

headofcybersecurityatGuildEducation*Questionallowedmorethanoneanswerandasaresult,

percentageswilladduptomorethan100%Stateofthe

CISOReport

2023

1378%of

Organizations

Place

aHigherPriorityon

APISecurityNow

vs.

Tw

o

Years

AgoAlongwiththe

immenseopportunityfueledby

APIscomespotentialrisks.Moreover,

ifunaddressed,theseriskscouldpotentiallyimpedethe

successofanorganization’s

digitaltransformationprograms.Thesurveyfindingsshow

thatorganizationsare

startingto

recognizethatprotectingdigitalinitiativesdemandsprioritizationofeffectiveAPIsecurity.Whileitisnotsurprisingthat78%

ofCISOsviewitasahigherprioritythantwo

yearsago,itisabitofamysterythat5%ofCISOsworldwidesay

APIsecurityisnow

alowerpriority.Figure

8:

How

organizations

prioritize

API

security

nowcompared

to

two

years

ago1%Muchlowerpriority4%SomewhatlowerpriorityFigure

9:

Which

industries

rate

API

security

a

“much

higherpriority”

nowFinancialServices/43%TechnologiesThesame37%35%Retail&eCommercePharmaceuticalpriority17%Muchhigherpriority37%Inaddition,outofthe

78%

ofCISOswhosay

APIsecurityisahigherpriority,34%reportthatAPIsecurityisa“muchhigher”priority.Lookingatthedataby

industry,however,

we

seethat43%offinancialservicesCISOssay

APIsecurityisa“muchhigher”priority–9%higherthanthe

globalSomewhatHealthcare

32%higherpriority43%25%Insuranceaverage.

RetailandeCommerceCISOsfollow

at37%.Viewaspriority78%Financialservicesandretail/eCommercehave

beenparticularlyimpactedby

economicshiftsandhaveturnedtodigitalizationtodrivebusinessgrowthinitiatives.Therefore,

itstandsto

reasonthattheywouldhave

prioritizedAPIsecuritytoagreaterdegreeover

the

previoustwo

years.Stateofthe

CISOReport

2023

14Nearly

AllCISOsPlanto

Prioritize

APISecurityover

theNext

Tw

o

YearsCISOsare

well

awareoftheirever-expanding

APIecosystemandtheirorganization’s

increasingrelianceuponthem.APIsdrivegrowthandprofitabilityandenablethesebusinessestodelivertheirdigitalgoodsandservices.WithoutAPIsecurityprogramsthatprotectthesecrucialconnectivitytools,companiesputeverythingatrisk–speedtomarket,competitiveadvantage,andthe

branditself.Figure

10:

Plans

for

prioritizing

API

security

overthe

next

two

years2%3%Very

lowpriorityLowpriorityTherefore,

it

’s

nosurprisethatAPIsecurityisatthe

forefront

ofsecurityleaders’mindsandtheyexpectittobecomeaneven

higherpriorityinthe

comingyears.Infact,95%ofCISOsworldwidesay

theirorganizationshave

madeAPIsecurityaplannedpriorityover

the

nexttwo

years.Criticalpriority19%Mediumpriority17%Thisfindingalsoalignswithotherindustryresearch.TheGartner

2022InnovationInsightfor

APIProtectionreport,for

example,found

that“securityleadersare

lookingfor

additionalsecuritycapabilitiestoprotecttheirAPIs.They

are

expandingbeyond

theirexistingAPIgateways(GWs)andweb

applicationandAPIprotection(WAAP)

solutions–especiallyinindustryverticalswithhighsecurityrequirements.”Highpriority59%Giventhe

growingimportanceofAPIsover

the

lastseveral

yearsfor

enablingmodernbusinesses,itissurprisingthatAPIsecurityhasbecomemainstreamonlyrecently.Thefactthatsecurityframeworksandregulationsare

slow

to

evolve

ispartly

toblame,buthopeisonthe

horizon.TheFederal

FinancialInstitutionsExamin