Enterprises in all industries are delivering new mobile experiences, leveraging the cloud and Big Data analytics, and digitizing their processes. As a result, applications are now the driver of economic growth, and all enterprises are becoming digital businesses. On average, enterprises are internally developing 2,500 applications a year.
In addition to lower spending on application security, the study also showed that UK companies are more likely to focus their application security programs on only a subset of business-critical apps, rather than the entire application portfolio.
Conversely, US organizations are more likely to issue mandates for enterprise-wide application security assessment programs – making programs at US enterprises, on average, more mature than those at UK enterprises.
When application security programs do not extend beyond business-critical applications, enterprises leave thousands of applications vulnerable. This creates long-term security threats, as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application is business-critical or a little-used web application.
“Companies are becoming better at securing their networks and endpoints, causing cyber-criminals to focus their efforts on the application layer. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities,” said Adrian Beck, manager of security program management, EMEA. “Closing the security gap between the number of apps being produced and the number that are assessed for security will help UK companies remain competitive in the new application economy.”