A Checkmarx survey also found 43% of respondents claimed to have suffered a software supply chain attack over the last 12 months
LONDON, UK – March 09, 2022 – Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today released the UK findings of its report “AppSec: The View from Security and Software Development Experts,” found that 45% of organisations have suffered at least two security breaches as a direct result of a vulnerable application. Alongside this, the report discovered over a third (34%) of UK organisations who had experienced a security breach relating to an application in the year preceding the survey have laid off employees seen as bearing responsibility.
Respondents of the survey, which was commissioned to spotlight the biggest security challenges that application security (AppSec) managers and software developers are facing in today’s threat landscape, also noted those who often bear the most responsibility for the security of applications as software developers (39%), and application security managers (32%). Only 10% stated CISOs or CSOs as those with the most responsibility within their organisation.
Given almost half (45%) of respondents – which consisted of AppSec managers and software developers in UK organisations of over 1,000 employees – reported being breached twice in the last 12 months. With 22% having been breached three times, the survey has made it clear that security teams may be at risk, with organisations not adverse to penalising those deemed responsible for such security breaches.
The survey also looked at what led to these breaches, with 43% of respondents stating they suffered a software supply chain attack, an attack vector known to be a firm favourite among malicious threat actors. Other factors which contributed to breaches include cloud application misconfigurations (40%), malicious third-party packages or components (39%), and known, but unpatched, vulnerabilities (38%).
This data tells us that organisations can directly influence the likelihood of breaches by taking care of what’s in their control. Those who don’t will suffer negative business impacts, with respondents reporting these to be theft or loss of customer data (40%), loss of customers (39%), decline in customer trust (34%), intellectual property theft or loss (33%), and loss of revenue (32%).
Positively though, there is much to be learned from the breaches that happened over the last year and respondents believe greater application security – and therefore, overall security – can be achieved in 2022. The solutions to doing so, according to respondents, include having clear roles and responsibilities for AppSec managers and developers, having closer alignment between AppSec managers and developers, the better integration of application security testing solutions, and ensuing a commitment to improving the overall approach to ‘building in’ security during software development.
Report findings are based on online survey input from two samples of 308 AppSec managers and software developers, collected in the UK. You can also learn how the Checkmarx Application Security Platform™ secures every stage of the development life cycle.
Methodology
Independent research consultancy Censuswide conducted research on behalf of Checkmarx, the global leader in developer-centric Application Security Testing solutions, in August and September 2021, with two separate panels as well as combined data.
- : 754 AppSec managers in companies with 1,000+ employees with in-house software development in the US, UK, France, Germany, Switzerland, Austria, Australia, and New Zealand between August 10 and 27, 2021.
- 770 software developers in companies with 1,000+ employees with in-house software development in the US, UK, France, APAC, and DACH between August 10 and 31, 2021.
- : 1,524 AppSec managers and software developers across the US, UK, France, APAC, and DACH between August 10 and September 13, 2021.
Censuswide abides by and employs members of the Market Research Society, which abides by the principles of the ICC/ESOMAR code.
All percentages shown in this report are rounded to the nearest whole number.
About Checkmarx
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec testing leader, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs, and infrastructure as code. Over 1,600 customers, including half of the Fortune 50, trust our security technology, expert research, and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog, or follow the company on LinkedIn.
Media Contacts
Dani Kerby, Brands2Life on behalf of Checkmarx
+44 (0) 20 7592 1200
