- Only 8% of organizations use AI-based protection solutions
- Just 6% of respondents have full documentation for all their APIs
- Half of respondents don’t know what third-party code is being used by their apps
- Only 29% of security staff are fully trained to handle API business logic attacks
MAHWAH, N.J., June 12, 2025 (GLOBE NEWSWIRE) — Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its new report, 2025 Cyber Survey: Application Security at a Breaking Point. The survey reveals threat areas of rapidly growing concern as organizations’ cyber defenses lag well behind. This includes a major lack of protection against AI threats, as well as API and business logic attacks, among others.
“The weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected,” said Shira Sagiv, Radware’s vice president of product portfolio. “Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb creating even more risk and exposure.”
KEY FINDINGS
The scramble is on to catch up with AI
According to the report, the use of AI to improve and intensify hacking tradecraft is of greatest concern. Organizations have significant concerns about threat actors using AI to generate new attacks at a faster cadence, bypassing existing defenses and compromising areas that were previously too difficult to attack.
-
Top concerns: The following percentage of respondents are highly or extremely concerned about hackers using AI:
- To create/improve hacking tools – 70%.
- To generate a larger volume of cyberattacks – 67%.
- To launch new zero-day attack vectors – 66%.
- Large readiness gap: Despite the concerns about hackers embracing AI, only 8% of organizations are currently using AI-based solutions for defenses.
- AI adoption: Four out of five organizations plan to implement AI-based cybersecurity solutions within the next 12 months.
Security fails to keep up with sprawling API ecosystems
APIs are in a constant state of fluctuation. Organizations are increasing their use of APIs even while they remain ill-protected.
- Surge in API usage and updates: In 2025, API usage is up 42% compared to the highest rate of usage in 2023, with multiple daily updates to APIs surging 6X during the same time frame.
- Widespread third-party usage: On average, organizations are using 19 third-party APIs per application, which introduces new types of threats around data compromise that cannot be mitigated at a coding level.
-
Poor business logic attack mitigation: Business logic attacks, a common form of API attacks, represent a threat area of rapidly growing concern. While 81% of respondents say it is very or extremely important to have real-time protection measures in place:
- Just half have deployed runtime business logic protections.
- Only 29% have security staff fully trained to detect and mitigate these attacks.
-
Lack of preparedness:
- On average, only 6% of respondents have full documentation for all their APIs.
- Half of respondents don’t know what third-party code is being used by their web applications, which data is being leaked to third-party services, and when malicious scripts and services are introduced.
Risks to resilience continue to rise
Survey respondents expressed a lack of confidence in the effectiveness of their defensive posture against growing threats.
- Third-party breaches: Only 16% of respondents are confident in their current protection against data breach attempts of third-party services code running on their web applications.
- Costly DDoS disruptions: Downtime caused by an application DDoS attack averages $6,100 per minute or $366,000 per hour.
-
High
compliance
pressures: An average of 54% of respondents express high or extreme concern about a range of regulations, including NIS2, HIPAA, SEC, PCI DSS 4, GDPR, DORA, and SOX.
Methodology
The survey, which was conducted with Osterman Research, includes responses from compliance, chief risk, and data privacy officers; vice presidents of research and development; senior network security administrators; senior DevOps and DevSecOps administrators; cloud security; API architects; among other titles. The survey was conducted in nine countries across North America, EMEA, APAC, and LATAM.
Radware’s complete 2025 Cyber Survey: Application Security at a Breaking Point can be downloaded here.
About Radware
Radware
® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.
Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.
©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.
THIS PRESS RELEASE AND THE 2025 CYBER SURVEY: APPLICATION SECURITY AT A BREAKING POINT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE’S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.
Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.
The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.
Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that the weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected and that their usage continues to climb creating even more risk and exposure, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at
www.sec.gov
or may be obtained on Radware’s website at
www.radware.com
.
Media Contact:
Gerri Dyrek
Radware
[email protected]
Photos accompanying this announcement are available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/f5342914-5ae1-430e-a838-b75e663c5eb4
https://www.globenewswire.com/NewsRoom/AttachmentNg/83a75b37-0294-485f-a2b8-c968fd9fce15
https://www.globenewswire.com/NewsRoom/AttachmentNg/08209312-e0da-48d4-a5aa-aa7deea6b77d
