API security is a critical concern for industries that are undergoing digital transformation. Financial services and insurance sectors are particularly vulnerable due to the increasing number of APIs they need to manage. As early adopters of digitalization, these sectors face unique challenges requiring a customized API security approach. The 2024 State of API Security Report by Salt Security highlights the growing complexities and risks associated with APIs in financial services and insurance, offering essential insights into how organizations can protect themselves.

API Attacks in the Financial Services and Insurance Sectors Continue to Rise

Attackers are increasingly targeting financial services and insurance sectors due to the large volumes of sensitive data they handle and their heavy reliance on APIs for digital services. According to Salt Security’s latest report, over 50% of financial services and insurance organizations manage more than 500 APIs for development, delivery, and integration, which is a significant amount to secure.

This increase in API usage has made these industries prime targets for attackers. The report also reveals that 62% of financial services or insurance organizations have seen APIs increase by 50% or more in the past year, with 35% reporting an increase of over 100%. However, despite the growing API environments, 40% of organizations stated that they either don’t have a plan to discover APIs across the organization or are unsure if such a plan exists, leaving them vulnerable to unknown threats.

In addition, 64% of organizations admitted that they either experienced or were unsure if they had experienced an API security incident in the past 12 months, highlighting the challenge of maintaining visibility over APIs.

Cloud Migration and API Growth

As organizations transition to the cloud, APIs are crucial to their migration. 55% of financial services and insurance companies have identified cloud migration as the primary driver behind their increasing reliance on APIs. However, with rapid expansion comes increased risk, especially when APIs are not fully secured.

Alarmingly, 43% of companies discovered vulnerabilities in their production APIs over the past year, and only 7% of respondents said their primary APIs are updated daily. This gap between API growth and lack of security poses a significant threat, particularly as 18% of companies admit they don’t know which APIs expose sensitive data.

API documentation and requirements are also a significant area of concern. The report found that only 14% of respondents are very confident that their API inventories are complete. Meanwhile, the biggest problem for organizations is that their API programs lack sufficient focus on fleshing out requirements and documentation.

Production API Security Issues on the Rise

The risks associated with production APIs are significant. Nearly all financial services and insurance respondents reported major security issues with production APIs, with 25% experiencing an actual API breach in the past year. Furthermore, 59% of companies have delayed the rollout of new applications into production due to API security concerns, costing them valuable time and resources.

Despite these risks, only 1 in 5 organizations have an API posture governance strategy. This lack of oversight makes it difficult for companies to identify and address API security gaps before attackers exploit them.

Key findings from the report also include:

• Only 16% of companies reported that their current security tools are highly effective in preventing API attacks.
• 89% of respondents view Generative AI (GenAI) as a potential security concern, indicating the increasing risks associated with new technologies.
• Merely 14% of organizations are very confident that their API inventories are comprehensive, which makes it more challenging to manage and secure their digital assets.

API Security Gains C-Level Attention

The scale and impact of API breaches are increasing, leading to a rise in awareness of API security at the C-suite level. A study shows that 55% of financial services and insurance organizations now consider API security a topic of discussion at the C-level, highlighting the growing importance of protecting digital infrastructure.

In response to this trend, 82% of CISOs in the sector consider API security a higher priority today than two years ago. Additionally, at least 86% of organizations have made API posture governance a planned priority for the next two years, with 41% focusing on it in the next year.

Securing Digital Transformation with Salt Security

At Salt Security, we work with numerous financial services and insurance organizations to protect their digital transformation efforts. Our AI-infused API Protection Platform offers the visibility, governance, and security required to address the growing threats posed by APIs.

In an environment where 43% of companies have found vulnerabilities in production APIs and 64% are uncertain whether they’ve already experienced an API security incident, taking proactive steps to safeguard APIs is essential. As more companies rely on APIs to drive innovation, securing these interfaces becomes a business imperative. By partnering with Salt, financial services and insurance companies can maintain their competitive edge, protect customer data, and ensure the success of their digital initiatives in financial services or insurance organizations.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

*** This is a Security Bloggers Network syndicated blog from Salt Security blog authored by Eric Schwake. Read the original post at: https://salt.security/blog/finance-and-insurance-api-security-a-critical-imperative