A new study by cloud-native application programming interface management company Kong and external economists predicts that API attacks will surge by 996% by 2030, representing a significant escalation in the frequency and intensity of API-related cyber threats.
The study, a collaboration between Kong analysts and Brown University associate professor Christopher Whaley, Ph.D., looked at attacks using APIs as entry points; the frequency of API attacks is expected to rise from 1,241 in 2022 to 13,608 by the end of the decade.
Research also reveals the economic impact of API cyberattacks. As of 2023, the average cost of a security breach is $6.1 million ; this figure includes not only the direct cost of remediation, but also the enormous value lost due to damage to a company's reputation. The study predicts that this average cost will increase to nearly $14.5 million by 2030 , a 95 percent increase.
Additionally, the overall cost of API attacks in the US is currently $10.6 billion; by 2030, this figure will jump to $198 billion per year. To get an idea of the magnitude of the financial threat, the study's authors compared these figures to projected US GDP in 2030. It found that the economic cost of these cyberattacks could amount to 0.6 percent of US GDP. To put that into perspective, the economic damage is more than the combined GDPs of countries like Singapore , Israel and Ireland, respectively.
Marco Palladino, Kong CTO and co-founder, said: “We initiated this research to better understand the risks associated with mismanaged APIs. However, even for us, the results were surprising. Businesses urgently need to adopt best practices, enabling them to continue to build rapidly while providing consistent API governance and stronger API security."
Dr. Christopher Whaley said, "APIs and modern microservice architectures are at the heart of almost all the innovations we have seen in recent years. From generative artificial intelligence to decentralized blockchains, the future applications seem limitless. However, research shows , poorly managed and buggy APIs leave a back door for security threats that have significant personal and macroeconomic consequences."
More details can be found here .