This morning, CrowdStrike released its inaugural 2024 State of Application Security Survey, which found that only half (54%) of major code changes go through security reviews, and the estimated annual cost of security reviews is $1,167,000.
It’s a shocking picture when you consider 8 of the top 10 data breaches in 2023 were related to cloud applications, exposing almost 1.7 billion records.
Other major takeaways include:
- Security teams are using too many tools, and yet they still use manual processes to inventory and catalog APIs and applications.
  - 90% use 3+ tools to detect and prioritize application vulnerabilities and threats.
  - 74% rely on documentation and 68% rely on spreadsheets.
- Prioritizing what to fix first is a top challenge.
  - 61% of AppSec professionals cite prioritizing fixes as their top challenge working with developers.
- Remediation is slow, leaving gaps for adversaries to exploit.
  - 70% of incidents take 12+ hours to resolve (while at the same time, adversary breakout times have fallen to as little as seven minutes).
Feel free to check out the full findings here.