Service Ventures Team

30 Cyber Security Stats



Vulnerable applications continue to be the top attack vector in externally caused security breaches at many enterprise organizations. In a 2019 Forrester Research survey, 42% of organizations that had experienced an external attack blamed the incident on a software security flaw, and 35% said it had resulted from a buggy web application. Organizational efforts to tackle the problem using today's app sec tools are being complicated by the increasing use of open-source components in enterprise apps, accelerating software delivery times and a constantly expanding attack surface.


Here are 30 data points, drawn from analyst, vendor, and research reports and white papers, that provide a snapshot of the current state of application security.

Security Vulnerability Stats

13,319: Number of vulnerabilities detected in 2019, in 1,607 apps

19.8%: Reduction in vulnerabilities disclosed, from Q1 2019 to Q1 2020

60.5%: Percentage of vulnerabilities in 2019 that were remotely exploitable

42%: Percentage of vulnerabilities in Internet-facing applications that are SQL injection errors

61%: Percentage of tested apps that had at least one high- or critical-severity vulnerability not listed in the OWASP Top 10

3.2: Average number of critical application vulnerabilities per website in 2019

83.9%: Percentage of software vulnerabilities that already had a patch available on the day they were publicly disclosed

Web Application Security

20,000: Number of times the average web app was attacked, January and February 2020

26%: Proportion of web app vulnerability-scanning targets from 5,000 websites, web apps, servers, and network devices with high-severity vulnerabilities

36%: Percentage of web application scanning targets with a CSRF flaw

17%: Reduction from 2018 to 2019 in the number of web apps containing critical high-risk vulnerabilities

11%: Percentage of web applications with 15 or more security vulnerabilities, January and February 2020

The Open Source Factor

33%: Percentage of application security vulnerabilities stemming from embeddable open-source and third-party components

99%: Proportion of 1,253 commercial codebases analyzed in 2019 from across 17 industries with open-source code

75%: Percentage of commercial codebases with at least one security vulnerability

445: Average number of open-source components per commercial codebase analyzed

The State of DevSecOps

50%: Average number of apps always vulnerable to exploitation at organizations that have not adopted DevSecOps

89%: Percentage of IT respondents who said security and dev teams need to be in closer contact to create a true DevOps culture

58%: Percentage of respondents who said setting common goals can help drive cultural change within IT security, development, and operations teams

8%: Percentage of organizations that have secured at least 75% of their cloud-native apps using DevSecOps

Cloud Native Applications

37%: Percentage of respondents who said API security is their top priority for cloud-native apps

82%: Proportion of organizations with different teams assigned to secure cloud-native applications

Scanning for Vulnerabilities

83%: Percentage of apps with at least one security flaw at initial vulnerability scan

64%: Of bugs found on initial scans of application code, percentage related to information leakage

68: Median number of days required to remediate apps that are scanned less than once per month

Days to Remediate

50.5: Average number of days it took for organizations to remediate critical vulnerabilities in Internet-facing apps

Patching

13%: Percentage of security pros who hadn't patched their web application frameworks at all over the past 12 months

Interactive Application Security Testing (IAST)

32%: Percentage of security decision makers that implemented IAST in their dev environment in 2019

Container Security

37%: Percentage of security pros that plan to implement container security during development

Software Composition Analysis (SCA)

37%: Percentage of organizations that plan to do SCA during development to reduce risk from vulnerable open-source components



Beyond the alarming nature of some of these numbers lie the practical takeaways. For DevOps, QA, and dedicated app sec teams, this is what will move the needle in the right direction. At Service Ventures, we are keeping an eye on founders with interesting startups that are addressing some of the above requirements.



/Service Ventures Team
