New study details how consumers weigh the risk of the connectivity that powers their digital experiences even as APIs remain a prominent attack vector
BOSTON – February 22, 2022 – ThreatX, the leading API protection platform, today released the results of its new survey “API [In] Security: The Consumer Perspective,” which highlights the risk of API attacks on the consumer experience. Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage—on brands or their customers. This survey is especially important as brands seek to protect their customers’ data while attackers continue to home in on APIs as a valuable target.
“APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not,” said Gene Fay, CEO of ThreatX. “The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples’ lives. We hope that the industry will be able to use these insights to rethink how they approach API security so they can protect both customers and their brands for years to come.”
APIs facilitate much of the connectivity between applications that consumers enjoy daily. However, despite their easy-to-deploy nature, APIs are hard to control and easy for attackers to target. According to ThreatX’s survey, consumers are aware of the risk posed by APIs, with 91% of respondents reporting that they understand that their data is shared between connected applications, and only 45% of respondents reporting any hesitation before allowing access between applications.
As businesses take advantage of consumers’ desire for convenience, 62% of respondents reported an increase in business engagement via website or mobile app. However, this increased engagement requires the transmission of more personally identifiable information (PII) than in the past, which is a point of concern for consumers. According to the survey, 72% of respondents said they would leave a brand if their banking information was exposed in a data breach and 68% would leave if their social security numbers were released. This in stark contrast to fitness data (7%), photos (27%) or home addresses (36%), for instance.
“With how convenient applications make our everyday lives, it’s no surprise to see consumers drawn to connecting their applications, even at the expense of security,” said Dave Howell, Chief Marketing Officer, ThreatX. “This survey serves not just as a wake-up call to consumers, but to brands that may unwittingly expose customer PII and therefore put their reputations at risk. I hope this report helps people realize that by prioritizing API security, companies have the opportunity to protect both the user experience and the personal information of customers.”
Unfortunately for brands, 61% of survey respondents do not feel that security is a priority for brands, and only 26% believe that brands that have suffered a breach did everything to prevent an attack from occurring.
Additional findings from ThreatX’s report include:
- 74% of respondents reported that they either have “minimal” or “no” influence to encourage brands to take their security more seriously.
- 65% of respondents would consider paying more for an application or tech that was marketed as “secure.”
- 30% of respondents reported that if a mobile, web application or piece of technology they purchased was down once per week for updates they would leave the brand.
- 56% of consumers report that they change their login credentials for accounts associated with the brand following a breach.
- When asked how they would respond after their brand of choice experiences a data breach, only 13% of respondents reported that they would stop using the brand.
Conducted in December 2021, the survey includes findings from 833 respondents between the ages of 18-70 years old from the United States. Respondents were selected specifically to ensure diversity among household incomes and web/mobile application usage.