IT Brief UK - Technology news for CIOs & IT decision-makers

Global survey reveals rising AI threats & costly API security gaps

Today

A new report has highlighted significant gaps in the application security measures of organisations worldwide, with concern mounting over issues ranging from artificial intelligence-driven attacks to poorly documented application programming interfaces (APIs) and insufficient staff training.

The findings were published in Radware's 2025 Cyber Survey: Application Security at a Breaking Point. The report documents a variety of threat areas that are growing more prevalent as organisations' security defences fall behind accelerating risks, particularly those involving AI, APIs, and business logic attacks.

AI threats

According to the survey, the increasing use of AI by malicious actors is causing a spike in cybersecurity concerns. Many organisations are particularly worried about hackers using AI to develop and refine attack tools, generate higher volumes of cyberattack traffic, and produce new vectors for zero-day attacks.

The survey found 70% of respondents are highly or extremely concerned about hackers using AI to create or improve hacking tools. Similarly, 67% expressed strong concern about the potential for AI to generate a larger volume of attacks, and 66% feared the role of AI in launching new zero-day attack vectors.

Despite these concerns, there is little uptake of AI-based protection measures; only 8% of surveyed organisations reported using AI-driven security solutions. However, a significant shift in adoption is anticipated, with four out of five organisations planning to implement AI-based cybersecurity solutions within the next year.

"The weaponisation of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected," said Shira Sagiv, Radware's Vice President of Product Portfolio. "Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb, creating even more risk and exposure."

API vulnerabilities

The survey also points to continued vulnerability in the management of APIs, which are increasingly in use by organisations but often ill-protected. Between 2023 and 2025, API usage has risen by 42%, with the frequency of daily API updates multiplying sixfold during the same period.

On average, organisations are integrating 19 third-party APIs per application, a practice that introduces new risks involving data exposure and potential compromise that are not easily solved at the coding stage.

Business logic attacks, a frequent variant of API attacks, were also noted as a mounting risk. While 81% of respondents said having real-time protection measures for business logic attacks is very or extremely important, only 50% had actually deployed runtime business logic protections. Furthermore, only 29% of security staff are fully trained to detect and manage these types of attacks.

Documentation and audit processes are also lagging. Only 6% of respondents have full documentation for all of their APIs, which poses an additional challenge for maintaining visibility and control. Additionally, half of those surveyed reported not knowing what third-party code is being used by their web applications, where sensitive data may be leaked to external services, or at what points malicious scripts and services are introduced into their systems.

Operational and compliance pressures

Other findings indicate growing concerns over resilience and regulatory compliance. Only 16% of respondents are confident in their protection against data breach attempts involving third-party code running on web applications. The commercial impact of attacks remains high, with downtime due to distributed denial of service (DDoS) attacks costing organisations an average of USD $6,100 per minute—equivalent to USD $366,000 per hour.

Compliance with numerous international regulations continues to place heavy demands on organisations. An average of 54% of those surveyed said they have high or extreme concern about compliance obligations spanning NIS2, HIPAA, SEC regulations, PCI DSS 4, GDPR, DORA, and SOX.

Survey methodology

The survey, conducted in partnership with Osterman Research, collected responses from a range of professionals including compliance, risk and data privacy officers, vice presidents of research and development, network security administrators, and API architects. Participants were drawn from nine countries located in North America, EMEA, APAC, and LATAM regions.
