International Cyber Expo International Cyber Expo
  • About Us
Thursday, 16 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Report Finds That 70% of Financial Services and Insurance Companies Have Suffered Rollout Delays Due to API Security

A new report by Salt Security found that 92% of financial services and insurance companies have had security issues in production APIs. Report outlines significant API vulnerabilities and attacker activity.

by Guru Writer
July 19, 2023
in Editor's News
Purple background, slightly open A4 book. Text.
Share on FacebookShare on Twitter

Today, API security company Salt Security released the findings from its first industry-focused report on API security. The report, entitled ‘State of API Security for Financial Services and Insurance’, provides in-depth insight into significant API vulnerabilities and attacker activity within the finance and insurance industries.

The report combines empirical data from Salt customers and findings from two separate surveys to provide an in-depth analysis of the impact of API security threats and vulnerabilities on these industries. The report was compiled using data from their earlier Q1 2023 State of API Security Report, customer data, and the independent State of CISO 2023 survey, as well as vulnerability research from Salt Labs.

The results found that API attackers targeting financial services and insurance APIs have become increasingly active in the last 18 months, with a 244% increase in unique attackers between the first and second halves of last year. In addition, 92% of financial/insurance respondents say they have experienced a significant security issue in production APIs over the past year, and nearly one out of five have suffered an API security breach. Top findings include:

  • 69% of financial services/insurance respondents say they have experienced rollout delays due to API security issues – 11% higher than the overall response average
  • 84% of attacks against financial services/insurance sectors came from “authenticated” users who appeared legitimate but were actually attackers
  • 71% of financial/insurance respondents say their existing tools are not very effective in preventing API attacks
  • More than 25% of respondents say they have no current API strategy
  • 17% of respondents have experienced an API-related security breach

Roey Eliyahu, CEO and co-founder of Salt Security, adds: “APIs are essential for the innovative digital services being delivered today by financial and insurance organizations. However, because these APIs transport sensitive customer and financial information, cyber criminals also know they share a wealth of data that can be leveraged for theft or fraud. The findings show these companies are suffering significant increases in attackers and other security issues, increasing their vulnerability to API-related incidents.”

API security breaches can cost businesses in fines, loss of customer trust, and reputational damage. Also costly are delays in application rollouts or rollbacks of new applications. Given the importance of digital services as a business driver in these industries, API security has become a critical issue, as highlighted by the following findings:

  • 56% of financial services/insurance respondents say API security is now a C-level issue (8% higher versus the overall response average at 48%)
  • 79% of financial services/insurance CISOs say that API security is a higher priority today than two years ago
  • 76% of financial services/insurance CISOs say their organisations have made API security a planned priority over the next two years, with 13% saying it will be a critical priority

“Given the growing importance of APIs over the last several years for enabling modern businesses, it is surprising that API security has become mainstream only recently,” said Jeff Farinich, SVP technology and CISO at New American Funding. “The fact that security frameworks and regulations are slow to evolve is partly to blame, but I see hope on the horizon. The Federal Financial Institutions Examination Council (FFIEC), which usually takes years to issue a new mandate, in just one year explicitly called out APIs as a separate attack surface, requiring financial institutions to inventory, remediate, and secure API connections.”

Financial services/insurance respondents say they are not prepared or taking the right measures to protect APIs from threats:

  • 28% of respondents – all with APIs running in production – say they have no current API strategy
  • Just 13% of respondents consider their API security programs advanced
  • 25% of respondents say their current API security strategy doesn’t focus enough time on documenting APIs
  • Only 42% of respondents identify API security gaps during production/runtime, which is where actual attack activity occurs
  • 42% of respondents have little confidence in understanding which APIs expose PII

Financial services/insurance respondents also cited outdated/zombie APIs as their number one API security concern at 48% – nearly 35% higher than second top API security concern cited, account takeover (ATO).

The full report can be read here.

ShareTweet
Previous Post

New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation

Next Post

Macnica and Dragos Partner to Deliver OT Cybersecurity to CNI and Manufacturing Control Systems in Japan

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol