What's Happening?
A recent report by Thales' Imperva business has revealed a significant increase in API-related security incidents, with 40,000 incidents recorded in the first half of 2025. The report highlights that APIs are increasingly targeted by advanced bot traffic, which now accounts for 44% of such activity. Key findings include a 40% rise in credential-stuffing and account takeover attempts, with financial services, telecoms, and travel sectors being the most affected. The report also notes that shadow APIs remain a major security blind spot, with organizations often unaware of 10-20% of their active APIs.
Why Is It Important?
The surge in API threats underscores the growing vulnerability of digital infrastructures that rely heavily on APIs for operations. As APIs become integral to real-time transactions and data exchanges, their security is paramount to safeguarding sensitive information and maintaining trust. The financial services sector, in particular, faces heightened risks due to its reliance on APIs for transactions. The report's findings highlight the need for organizations to implement robust security measures, such as adaptive multi-factor authentication, to protect against sophisticated cyber threats.
What's Next?
Organizations are urged to take immediate action to secure their API endpoints and enhance their cybersecurity frameworks. The report predicts that API attacks will continue to rise, potentially reaching over 80,000 incidents by the end of 2025. Companies must prioritize the discovery and protection of all live API endpoints, employing context-aware defenses to mitigate risks. As cyber threats evolve, businesses will need to stay ahead by investing in advanced security technologies and strategies to protect their digital assets and ensure compliance with regulatory standards.