New Akamai Study Reveals API Security Incidents Cost APAC Enterprises Over US$580,000 on Average in the Past Year

Application Security | Reports & Predictions | Security Operations

Internal disconnects, poor visibility, and misaligned priorities leave organisations vulnerable to costly API security incidents

Posted: Wednesday, May 07

KBI.Media
$
New Akamai Study Reveals API Security Incidents Cost APAC Enterprises Over US$580,000 on Average in the Past Year

New Akamai Study Reveals API Security Incidents Cost APAC Enterprises Over US$580,000 on Average in the Past Year

Akamai Technologies (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today released the latest 2025 API Security Impact Study, an in-depth Asia-Pacific study exploring the hidden vulnerabilities, financial impacts, and operational challenges caused by application programming interface (API) security incidents in the region’s largest economies. Based on the study, despite a growing awareness of API vulnerabilities, the commitment to API security from senior leadership and security teams across the region has not kept pace, resulting in costly API attacks that underscore the urgent need to reach a consensus on where API security fits into their cybersecurity priorities.

The study, which surveyed more than 800 IT and security professionals across China, India, Japan, and Australia, paints a stark picture of the escalating risks enterprises face from insecure APIs. With APIs now the backbone of modern digital infrastructure, 85% of organisations in the region reported at least one API-related security incident in the past 12 months. The financial impact is equally concerning, with the average estimated cost of API security incidents reaching more than US$580,000 across the surveyed markets. However, many enterprises still lack visibility into their API ecosystems and the sensitive data they expose.

Reuben Koh, Director of Security Strategy for APJ, at Akamai Technologies

“APIs have become mission-critical, powering everything from mobile banking to connected vehicles. But our research shows that organisations across Asia-Pacific are struggling to secure them,” said Reuben Koh, Director of Security Technology & Strategy, Akamai Technologies, Asia-Pacific & Japan. “It is crucial for organisations to reach a consensus on the root cause, impact, and priority levels of API security incidents so that they can implement holistic security strategies to protect critical APIs from development to runtime.”

Key Findings For Asia-Pacific

China leads in API security prioritisation, but gaps remain: Chinese respondents were the only group to rank “securing APIs from threat actors” as their top cybersecurity priority. However, cost perceptions varied widely, with C-suite executives estimating API incident costs at CN¥3.75 million (US$517,000) and front-line security staff estimating it closer to CN¥6.7 million (US$925,000).
India reveals sharp internal disconnects: While 77% of Indian C-suite leaders claimed to have full API inventories, only 41% of AppSec professionals agreed. This disconnect extends to sensitive data awareness, with just 11% of AppSec teams confident that they know which APIs return sensitive data.
Japan deprioritises API risks despite industry exposure: API security ranked just fourth on the country’s cybersecurity priority list, even as 96% of organisations in energy and retail industries reported recent API incidents. Japanese AppSec teams cited reputational damage with boards and executives as the top consequence.
Australia hit hardest by incidents, but slowest to respond: Australia saw the highest incident rate (95%) and incurred significant financial impacts (AU$493,000 on average) yet had the lowest percentage of organisations regularly conducting comprehensive API vulnerability testing (6%).

A Disconnect Between Risk and Response

Across all four countries, the study reveals a critical gap between perception and reality:

C-suite awareness is high, but operational visibility is low: 92% of APAC executives said their organisations experienced an API incident in the past 12 months, but only 37% of all respondents could confirm that they know which APIs expose sensitive data.
Testing remains inconsistent: Despite high incident rates, only a small percentage of respondents across the region reported real-time API testing, with China at 22%, India at 15%, Japan at 11%, and Australia at 6%.

These disconnects reflect a broader challenge: Organisations are deploying APIs faster than they can secure them, creating fertile ground for attackers. “The problem is no longer theoretical. API abuse is happening right now, with real financial and reputational costs,” added Koh. “Leadership teams must close the gap with security and AppSec professionals working closer together and invest in the right tools, processes, and alignment to protect this critical technology.

Compliance Wake-up Call

The study also found that while the majority of organisations factor API security into their compliance programs, few are doing so holistically. Only 41% incorporateAPIs into risk assessments, and just 40% factor APIs into reporting requirements. Japan also lagged behind other countries in the region in recognising API-related compliance requirements, with 22% stating that they do not factor API security into their compliance efforts.

From China’s Data Security Law to Australia’s Consumer Data Right regulation, the need to account for API risks in compliance and security frameworks is growing rapidly. As APIs become the connective tissue of digital business, securing them requires a deliberate, end-to-end approach. The study offers recommendations that organisations across Asia-Pacific should prioritise to build lasting resilience, including undertaking a full inventory of APIs, regular testing to ensure APIs are coded correctly, implementing runtime detection to differentiate between “normal” and “abnormal” API activity, and more.

To access the in-depth research, download the full study.