15 surprisingly scary application security statistics

According to the cybersecurity readiness index released by Cisco in March of 2023, less than 10% of all companies worldwide are considered mature enough to tackle today’s cybersecurity issues. In part, this lag in maturity can be attributed to 92% of technologists prioritizing rapid innovation across application development ahead of app security. A stance that contradicts the 96% of executives who consider security resilience to be “highly important to business.”

Those are just a few telling research-based statistics that, when coupled with the growing need to build trust with digital users, don’t bode well for the future of companies that aren’t striving hard enough. How can you solve for security in a way that builds trust with users without losing the race to innovate digital experiences? Here are three suggestions:

Bake security into application delivery: the state of DevSecOps adoption

Application development and operations teams are leaning into DevSecOps to address user demand for high-performing and secure digital experiences. In a recent spotlight, IDC illuminates the need for speed and collaboration across teams to close gaps between siloed security and application teams, citing that silos and gaps attract hackers who can easily take advantage of disconnected teams.

But that’s not the only reason security is taking a more serious and prominent role:

• • • Half of security professionals report that developers fail to identify 75% of vulnerabilities. (GitLab Global DevSecOps survey)
    • More than 99% of technologists say applications in production contain at least four vulnerabilities. (Contrast Security The State of DevOps Report)
    • 50% of IT professionals agree that security is an afterthought in the application delivery chain. (EMA, Accelerating secure application development)
    • 78% of technologists say it’s the lack of shared vision between app development and security teams that presents a challenge to AppSec over the next 12 months. (Cisco AppDynamics, The shift to a security approach for the full application stack)

Protect what matters most: focus on security resilience

Security resilience is the ability to protect the integrity of every aspect of your business so it can withstand unpredictable threats or changes and emerge stronger. With trust at the forefront of digital business growth, cybersecurity now cuts through every aspect of resilience-building initiatives. Today more than ever, building security resiliency is synonymous with building trust in the market. Without it, companies fail.

The latest Security Outcomes Report from Cisco surveyed over 4700 security and privacy professionals across 26 countries. Key findings include:

• • • 46% of companies agree; the top struggle in achieving security resilience is containing the spread or scope of security incidents.
    • 62% of organizations have experienced a resilience-impacting security incident and for more than half of those, it resulted in a loss of competitive advantage.
    • Only 37% of respondents feel confident in their company’s ability to remain resilient through a worst-case scenario cyber event.

Leverage digital trust to drive revenue growth

Application users grow more security savvy with every reported breach and at this point, most users (85%) report that a company’s privacy policies factor into purchasing decisions. As such, companies can easily stall growth if they aren’t actively building trust or fully protecting users. The good news for those who do is that digital trust equates to revenue and EBIT growth of at least 10% annually. The Digital Trust Insights 2023 from PwC reveals that CEOs are becoming more involved in cybersecurity initiatives and better supporting their security leaders.

Of CEOs surveyed:

• • • 52% drive major initiatives to improve security posture.
    • 51% require cyber risk management plans.
    • 48% demand risk and mitigation effort updates more frequently.

In all cases, companies and teams need the right tools to promote a collaborative, resilient and growth-driven culture. Those that view user trust as paramount and automate vulnerability detection and prioritization for remediation based on business-critical goals are ahead. And for those behind, there’s still time to catch up!

Learn more about the role of Business Risk Observability in Building digital trust and fueling growth through application security. Or watch The state of cybersecurity: real-world strategies for mitigating business risk, on-demand.