Enterprises are increasingly falling victim to cyberattacks through the application layer. In fact, the U.S. Department of Homeland Security recently reported that 90% of security incidents result from exploits against defects in software. And these breaches are doing significant damage. From cleanup costs to lost customers, the expenses after a breach add up quickly. Specifically, the Verizon Data Breach Investigations report found that the cost of a data breach involving 10 million records will fall between $2.1 million and $5.2 million.
This trend is definitely troubling for security professionals. According to the biennial Global Information Security Workforce Study published by the International Information Systems Security Certification Consortium (ISC)2, application vulnerabilities continue to top security professionals' list of worries. However, the concerns have not translated into adopting secure development practices. The same study found that 30 percent of companies never scanned for vulnerabilities during code development.
The reasons behind the lag in application security adoption vary, but most stem from misconceptions about the cost and complexity involved. Whatever the reasons, the bottom line is that the risk of an app-layer breach is high, and you need to implement an application security program to protect your organization.