Just 1% of organizations invest more than 20% of their total security budget into AppSec.

62% of organizations knowingly release insecure code to meet delivery deadlines.

57% of organizations wait until just before deployment to involve security.

60% of organizations say security issues are more likely to delay product launches than feature bugs.

8 in 10 AppSec professionals are open to outside help.

62% of security professionals fear being fired following a breach.

17% of security professionals believe termination is likely after a breach.

51% of teams have fully addressed OWASP Top 10 threats, meaning nearly half remain exposed to foundational risks.

Application-layer attacks account for 43% of breaches.

25% of healthcare executives say they are likely to invest in application security.

In North America, only 8% of respondents report security is “always” a factor in purchasing decisions.

In the Asia Pacific region, 33% of respondents report security is “always” a factor in purchasing decisions.

Only 39% of business operations run on secured applications, according to CISOs.

In nearly half of software-based product companies, security oversight has moved outside the CISO’s office entirely.

49% of CISOs say that buyers now factor application security (AppSec) into purchasing decisions.

24% of respondents indicated that application security is “always” a factor in purchasing decisions.

In Europe, 58% of respondents report that security is “always” a factor in purchasing decisions.

In organisations developing software-based products, responsibility is split: 50% of organisations assign security responsibility to CISOs, while 43% move security oversight to development teams.

56% of organisations say that most of their development teams are fully integrated with AppSec programmes.

62% of CISOs report AppSec metrics to their board.