New Akamai Study Reveals API Security Incidents Cost APAC Enterprises Over US$580,000 on Average in the Past Year

Internal disconnects, poor visibility, and misaligned priorities leave organizations vulnerable to costly API security incidents

SINGAPORE,May 7, 2025/PRNewswire/ -- Akamai Technologies (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today released the latest2025 API Security Impact Study, an in-depthAsia-Pacificstudy exploring the hidden vulnerabilities, financial impacts, and operational challenges caused by application programming interface (API) security incidents in the region's largest economies. Based on the study, despite a growing awareness of API vulnerabilities, the commitment to API security from senior leadership and security teams across the region has not kept pace, resulting in costly API attacks that underscore the urgent need to reach a consensus on where API security fits into their cybersecurity priorities.

The study, which surveyed more than 800 IT and security professionals acrossChina,India,Japan, andAustralia, paints a stark picture of the escalating risks enterprises face from insecure APIs. With APIs now the backbone of modern digital infrastructure, 85% of organizations in the region reported at least one API-related security incident in the past 12 months. The financial impact is equally concerning, with the average estimated cost of API security incidents reaching more thanUS$580,000across the surveyed markets. However, many enterprises still lack visibility into their API ecosystems and the sensitive data they expose.

"APIs have become mission-critical, powering everything from mobile banking to connected vehicles. But our research shows that organizations acrossAsia-Pacificare struggling to secure them,"saidReuben Koh, Director of Security Technology& Strategy, Akamai Technologies,Asia-Pacific&Japan."It is crucial for organizations to reach a consensus on the root cause, impact, and priority levels of API security incidents so that they can implement holistic security strategies to protect critical APIs from development to runtime."

Key findings forAsia-Pacific:

• Chinaleads in API security prioritization, but gaps remain:Chinese respondents were the only group to rank"securing APIs from threat actors"as their top cybersecurity priority. However, cost perceptions varied widely, with C-suite executives estimating API incident costs at CN¥3.75 million(US$517,000)and front-line security staff estimating it closer to CN¥6.7 million(US$925,000).
• Indiareveals sharp internal disconnects:While 77% of Indian C-suite leaders claimed to have full API inventories, only 41% of AppSec professionals agreed. This disconnect extends to sensitive data awareness, with just 11% of AppSec teams confident that they know which APIs return sensitive data.
• Japandeprioritizes API risks despite industry exposure:API security ranked just fourth on the country's cybersecurity priority list, even as 96% of organizations in energy and retail industries reported recent API incidents. Japanese AppSec teams cited reputational damage with boards and executives as the top consequence.
• Australiahit hardest by incidents, but slowest to respond:Australiasaw the highest incident rate (95%) and incurred significant financial impacts (AU$493,000 on average) yet had the lowest percentage of organizations regularly conducting comprehensive API vulnerability testing (6%).

A disconnect between risk and response

Across all four countries, the study reveals a critical gap between perception and reality:

• C-suite awareness is high, but operational visibility is low:92% of APAC executives said their organizations experienced an API incident in the past 12 months, but only 37% of all respondents could confirm that they know which APIs expose sensitive data.
• Testing remains inconsistent:Despite high incident rates, only a small percentage of respondents across the region reported real-time API testing, withChinaat 22%,Indiaat 15%,Japanat 11%, andAustraliaat 6%.

These disconnects reflect a broader challenge: Organizations are deploying APIs faster than they can secure them, creating fertile ground for attackers."The problem is no longer theoretical. API abuse is happening right now, with real financial and reputational costs,"added Koh."Leadership teams must close the gap with security and AppSec professionals working closer together and invest in the right tools, processes, and alignment to protect this critical technology.

Compliance wake-up call

The study also found that while the majority of organizations factor API security into their compliance programs, few are doing so holistically. Only 41% incorporate APIs into risk assessments, and just 40% factor APIs into reporting requirements.Japanalso lagged behind other countries in the region in recognizing API-related compliance requirements, with 22% stating that they do not factor API security into their compliance efforts.

FromChina'sData Security Law toAustralia'sConsumer Data Right regulation, the need to account for API risks in compliance and security frameworks is growing rapidly. As APIs become the connective tissue of digital business, securing them requires a deliberate, end-to-end approach. The study offers recommendations that organizations acrossAsia-Pacificshould prioritize to build lasting resilience, including undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, implementing runtime detection to differentiate between"normal"and"abnormal"API activity, and more.

To access the in-depth research,download the full study.

About Akamai

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai's full-stack cloud computing solutions deliver performance and affordability on the world's most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.comand akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

Contact

Akamai PR

Akamai-APJHub@edelman.com 

View original content:https://www.prnewswire.com/apac/news-releases/new-akamai-study-reveals-api-security-incidents-cost-apac-enterprises-over-us580-000-on-average-in-the-past-year-302447259.html

SOURCE Akamai Technologies, Inc.