Friday, 27th November 2020

Businesses incurr losses that averaged $12 million as a result of attacks on their vulnerable applications

HCL Software and Ponemon Institute have released findings of a new report on application security in the DevOps environment.

The consequences of attacks against unsecured applications are significant and increase the likelihood of data breaches that place customer and employee information at risk. The purpose of the Application Security in the DevOps Environment study, sponsored by the HCL AppScan team, is to better understand organizations’ ability to quickly detect, prioritize and repair vulnerabilities in their applications.

Current Landscape

According to the report, 84 percent of participants rated the threat from insecure applications as significant.

Despite survey participants rating the threat from insecure applications as significant, a full 20 percent of organizations stated that they took no steps to test for vulnerabilities in their applications. Additionally, respondents stated that on average only 33 percent of their business-critical applications were continuously tested for vulnerabilities.

“The lack of testing for critical applications is mind-boggling, especially since none of the respondents believed that their organizations could prevent more than half of the attacks against vulnerable apps when they get into production,” said Eitan Worcel, Head of HCL AppScan Product Management.

Financial Impact

As organizations struggle to address these threats, they estimated that the total economic loss they have incurred in the past 12 months as a result of attacks against their vulnerable applications averaged nearly $12 million. That’s an average of approximately $1 million per month.

Breaking the financial impact down even further, 56 percent of respondents said they experienced total economic losses that exceeded $1 million as a result of attacks against their vulnerable applications, with 3 percent reporting total economic losses that exceeded $100 million.

“Large-scale breaches aren’t surprising, considering that 40 percent of respondents estimate that it takes them more than eight months on average to identify an attack against their vulnerable applications,” said Worcel. “This also emphasizes the importance of a proactive approach such as application security testing.”

Palo Alto Networks has introduced what it says is the industry’s first 5G-native security offering,...
Sophos has published the Sophos 2021 Threat Report, which flags how ransomware and fast-changing att...
Acronis has acquired CyberLynx, a leading Israel-based cybersecurity consultancy firm with a presenc...
Research uncovers critical cybersecurity and compliance risks.
Advanced ransomware recovery enhancements and technology integrations bring ability to identify, res...
Nearly half (49%) of organizations plan to extend Cognitive and AI capabilities for security to dete...
McAfee has launched MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISI...
Latest addition to Cloud One platform is ideal for those migrating their servers to the cloud.