State of API Security: Financial Services and Insurance
API security is a pressing concern for industries undergoing digital transformation, and none more so than financial services and insurance. To shed light on their unique challenges, Salt undertook and today released its first industry-specific report on API security: the 2023 “State of API Security for Financial Services and Insurance.” Given their early adoption of digitalization, we wanted to learn how API threats and vulnerabilities specifically impact these sectors and how they differ from other markets.
API attackers are on the move in financial services and insurance
We discovered that API attackers have become increasingly active in financial services and insurance. In fact, our findings reveal a staggering 244% increase in unique attackers in financial services and insurance between the first and second halves of last year.
Breaches not only threaten key business initiatives but also can result in costly fines and reputational damage. Just one potential security breach could pose a significant threat to the value of an organization’s digital transformation initiatives.
Also alarming is the finding that nearly 70% of financial services and insurance companies have delayed application rollouts due to API security issues – more than 10% higher than the overall industry average. Such delays can cost a business the loss of valuable time, resources, and customer confidence.
Security issues rising for production APIs
The report shows that 92% of financial/insurance respondents have faced significant security issues related to production APIs over the past year, and nearly one out of five have experienced an actual API security breach.
Yet, despite these growing attacks, more than 25% of the financial services/insurance organizations surveyed lack a proper API strategy, putting them at a higher risk of API breaches. Other notable findings include:
- 42% of respondents have little confidence in understanding which APIs expose PII
- Merely 13% of respondents consider their API security programs to be advanced
- 36% of respondents update their APIs at least weekly, but only 10% update their documentation at the same weekly pace
- Only 42% of respondents identify API security gaps during production/runtime, the critical stage where actual attack activity occur
Recognizing API security as a business priority
On the positive side, given the importance of digital services as a business driver in these industries, awareness of API security as a critical issue is growing, as highlighted by the following findings:
- 56% of financial services/insurance respondents say API security is now a concern at the C-level, marking an 8% increase versus the overall industry response average of 48%
- 79% of financial services/insurance CISOs say that API security is a higher priority today than it was two years ago
- 76% of financial services/insurance CISOs say their organizations have made API security a planned priority over the next two years, with 13% categorizing it as a critical priority
Protecting digital innovation with Salt
Here at Salt we have many customers in the financial services and insurance sectors – each with their own unique situation and requirements. All of them recognize that API security is essential to their success. By leveraging the Salt Security API Protection Platform, they can ensure the safety of their digital initiatives, maintain customer trust, and safeguard their reputation.
But don’t just take our word for it. In the following excerpts from anonymous Gartner Peer Insights reviews, read why financial services and insurance customers have adopted our purpose-built API security:
“As a financial company providing banking services, our clients rely on us to protect and secure their digital financial transactions… While a WAF protects us from “known” attacks and gives us limited insights and visibility to defend against API attacks, Salt has shown us potential risks where we previously had no insights and has found attacks that our security analysts could not spot.”
IT security and risk management role, banking industry, company size $3-10 billion
“As a bank, we’re a constant target, and no surprise we’re really focused on security. We looked at a few platforms, and Salt was the best solution for us. Salt shows us all our internal and third-party API endpoints, and we can see what data is going in and out. So, we have a better sense of our weaknesses and potential threats we need to mitigate. Salt has also helped us catch a lot of mistakes while we’re still building our APIs, so we can fix them before pushing those APIs into production.”
IT security and risk management role, banking industry, company size $500 million to $1 billion
“The Salt attacker timeline is very helpful for its ability to correlate all the attack information in one place. We can see the pattern of attempted attack so we can block it proactively. In addition, being a financial institution, we are always looking for solutions to stay in compliance with security regulations and Salt helps us stay ahead of the curve in regards to API security.”
IT role, banking industry, company size $50-250 million
“Attackers know that APIs make an easy target, in part because a lot of companies haven’t focused on protecting them. We knew we wanted a dedicated API solution to discover and protect our growing population of APIs. Deployment was easy, and Salt quickly enabled us to discover all of our APIs, including shadow (unknown) APIs.”
IT security and risk management role, finance (non-banking), company size $3-10 billion
We invite you to download your complimentary copy of the complete 2023 State of API Security for Financial Services and Insurance report and read all the findings. If you would like to experience for yourself how Salt can provide the deep visibility and adaptive intelligence needed to protect your critical APIs, please contact us or click here to arrange a customized demo.
*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Stephanie Best. Read the original post at: https://salt.security/blog/state-of-api-security-financial-services-and-insurance
