AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
_05_09_2025_03_24_13_389591.jpg)
 |
Internal disconnects, poor visibility, and misaligned priorities leave organizations vulnerable to costly API security incidents
SINGAPORE, May 7, 2025 /PRNewswire/ -- Akamai Technologies (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today released the latest 2025 API Security Impact Study, an in-depth Asia-Pacific study exploring the hidden vulnerabilities, financial impacts, and operational challenges caused by application programming interface (API) security incidents in the region's largest economies. Based on the study, despite a growing awareness of API vulnerabilities, the commitment to API security from senior leadership and security teams across the region has not kept pace, resulting in costly API attacks that underscore the urgent need to reach a consensus on where API security fits into their cybersecurity priorities.
The study, which surveyed more than 800 IT and security professionals across China, India, Japan, and Australia, paints a stark picture of the escalating risks enterprises face from insecure APIs. With APIs now the backbone of modern digital infrastructure, 85% of organizations in the region reported at least one API-related security incident in the past 12 months. The financial impact is equally concerning, with the average estimated cost of API security incidents reaching more than US$580,000 across the surveyed markets. However, many enterprises still lack visibility into their API ecosystems and the sensitive data they expose.
"APIs have become mission-critical, powering everything from mobile banking to connected vehicles. But our research shows that organizations across Asia-Pacific are struggling to secure them," said Reuben Koh, Director of Security Technology & Strategy, Akamai Technologies, Asia-Pacific & Japan. "It is crucial for organizations to reach a consensus on the root cause, impact, and priority levels of API security incidents so that they can implement holistic security strategies to protect critical APIs from development to runtime."
Key findings for Asia-Pacific:
- China leads in API security prioritization, but gaps remain: Chinese respondents were the only group to rank "securing APIs from threat actors" as their top cybersecurity priority. However, cost perceptions varied widely, with C-suite executives estimating API incident costs at CN¥3.75 million (US$517,000) and front-line security staff estimating it closer to CN¥6.7 million (US$925,000).
- India reveals sharp internal disconnects: While 77% of Indian C-suite leaders claimed to have full API inventories, only 41% of AppSec professionals agreed. This disconnect extends to sensitive data awareness, with just 11% of AppSec teams confident that they know which APIs return sensitive data.
- Japan deprioritizes API risks despite industry exposure: API security ranked just fourth on the country's cybersecurity priority list, even as 96% of organizations in energy and retail industries reported recent API incidents. Japanese AppSec teams cited reputational damage with boards and executives as the top consequence.
- Australia hit hardest by incidents, but slowest to respond: Australia saw the highest incident rate (95%) and incurred significant financial impacts (AU$493,000 on average) yet had the lowest percentage of organizations regularly conducting comprehensive API vulnerability testing (6%).
A disconnect between risk and response
Across all four countries, the study reveals a critical gap between perception and reality:
- C-suite awareness is high, but operational visibility is low: 92% of APAC executives said their organizations experienced an API incident in the past 12 months, but only 37% of all respondents could confirm that they know which APIs expose sensitive data.
- Testing remains inconsistent: Despite high incident rates, only a small percentage of respondents across the region reported real-time API testing, with China at 22%, India at 15%, Japan at 11%, and Australia at 6%.
These disconnects reflect a broader challenge: Organizations are deploying APIs faster than they can secure them, creating fertile ground for attackers. "The problem is no longer theoretical. API abuse is happening right now, with real financial and reputational costs," added Koh. "Leadership teams must close the gap with security and AppSec professionals working closer together and invest in the right tools, processes, and alignment to protect this critical technology.
Compliance wake-up call
The study also found that while the majority of organizations factor API security into their compliance programs, few are doing so holistically. Only 41% incorporate APIs into risk assessments, and just 40% factor APIs into reporting requirements. Japan also lagged behind other countries in the region in recognizing API-related compliance requirements, with 22% stating that they do not factor API security into their compliance efforts.
From China's Data Security Law to Australia's Consumer Data Right regulation, the need to account for API risks in compliance and security frameworks is growing rapidly. As APIs become the connective tissue of digital business, securing them requires a deliberate, end-to-end approach. The study offers recommendations that organizations across Asia-Pacific should prioritize to build lasting resilience, including undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, implementing runtime detection to differentiate between "normal" and "abnormal" API activity, and more.
To access the in-depth research, download the full study.
About Akamai
Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.
Contact
Akamai PR
[email protected]
