4% of organizations reported API increases of 201–300%.

25% of respondents pointed to budget limitations as the primary barrier to implementing a strong API security program.

7% of respondents pointed to time constraints as the primary barrier to implementing a strong API security program.

11% of respondents pointed to tooling/solutions gaps as the primary barrier to implementing a strong API security program.

2% of organizations adhere to other specific security standards or frameworks for API development and deployment.

10% of respondents identified that their company's API program doesn't focus enough on fleshing out requirements and documenting.

Only 19% of organizations were 'very confident' in the accuracy of their API inventories.

20% of organizations use two different gateways.

55% of organizations were only 'somewhat confident' in the accuracy of their API inventories.

67% of developers, architects, and executives adopt functional testing practices.

Only 26% of developers, architects, and executives use semantic versioning.

11% of organizations said their API security budget did not increase.

8% of organizations were 'not at all confident' in the accuracy of their API inventories.

21% of organizations rely on regular penetration testing to assess the effectiveness of their API security measures.

4% of organizations do not know what specific security standards or frameworks they adhere to for API development and deployment.

57% of organizations train developers on secure coding practices for AI-generated code.

18% of organizations said lower enterprise risk score is a metric for measuring API security ROI

51% of organizations are still in planning or basic stages of API security maturity.

28% of organizations manage between 1 and 100 APIs.

33% of organizations flagged authentication problems as the most common API security problem.