STOCK TITAN
  1. Home
  2. News
  3. RDWR
  4. Radware Cyber Survey Uncovers Critical Weaknesses in Application Security Measures

Radware Cyber Survey Uncovers Critical Weaknesses in Application Security Measures

Rhea-AI Impact
(No impact)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary
Radware's 2025 Cyber Survey reveals significant vulnerabilities in organizations' application security measures. The study highlights that only 8% of organizations currently use AI-based protection solutions, despite 70% being highly concerned about hackers using AI to create improved hacking tools. API security shows critical gaps, with only 6% of organizations having full API documentation and 50% unaware of third-party code usage in their applications. The survey also found that API usage increased 42% compared to 2023, with organizations using an average of 19 third-party APIs per application. Business logic attacks remain a major concern, with only 29% of security staff fully trained to handle them. Financial implications are significant, with application DDoS attacks costing organizations an average of $6,100 per minute or $366,000 per hour in downtime.
Il Cyber Survey 2025 di Radware evidenzia gravi vulnerabilità nelle misure di sicurezza delle applicazioni delle organizzazioni. Lo studio sottolinea che solo l'8% delle organizzazioni utilizza attualmente soluzioni di protezione basate sull'intelligenza artificiale, nonostante il 70% sia molto preoccupato dall'uso dell'IA da parte degli hacker per creare strumenti di attacco più sofisticati. La sicurezza delle API presenta lacune critiche: solo il 6% delle organizzazioni dispone di una documentazione completa delle API e il 50% non è a conoscenza dell'uso di codice di terze parti nelle proprie applicazioni. Il sondaggio ha inoltre rilevato un aumento del 42% nell'uso delle API rispetto al 2023, con una media di 19 API di terze parti per applicazione. Gli attacchi alla logica di business restano una preoccupazione importante, con solo il 29% del personale di sicurezza completamente formato per gestirli. Le conseguenze finanziarie sono rilevanti, con attacchi DDoS alle applicazioni che costano in media 6.100 dollari al minuto, ovvero 366.000 dollari all'ora di inattività.
La Encuesta Cibernética 2025 de Radware revela vulnerabilidades significativas en las medidas de seguridad de aplicaciones de las organizaciones. El estudio destaca que solo el 8% de las organizaciones utiliza actualmente soluciones de protección basadas en inteligencia artificial, a pesar de que el 70% está muy preocupado por el uso de IA por parte de hackers para crear herramientas de ataque mejoradas. La seguridad de las API muestra brechas críticas: solo el 6% de las organizaciones cuenta con documentación completa de sus API y el 50% desconoce el uso de código de terceros en sus aplicaciones. La encuesta también encontró un aumento del 42% en el uso de API en comparación con 2023, con un promedio de 19 API de terceros por aplicación. Los ataques a la lógica de negocio siguen siendo una gran preocupación, con solo el 29% del personal de seguridad completamente capacitado para manejarlos. Las implicaciones financieras son significativas, con ataques DDoS a aplicaciones que cuestan en promedio 6,100 dólares por minuto o 366,000 dólares por hora de inactividad.
Radware의 2025년 사이버 설문조사는 조직의 애플리케이션 보안 조치에 심각한 취약점이 있음을 밝힙니다. 조사에 따르면 AI 기반 보호 솔루션을 사용하는 조직은 단 8%에 불과하지만, 70%는 해커들이 AI를 이용해 고도화된 해킹 도구를 만드는 것에 대해 크게 우려하고 있습니다. API 보안에는 중대한 허점이 있으며, 조직의 6%만이 완전한 API 문서를 보유하고 있고 50%는 자사 애플리케이션에 타사 코드 사용 여부를 알지 못합니다. 설문조사에 따르면 2023년 대비 API 사용이 42% 증가했으며, 조직당 애플리케이션당 평균 19개의 타사 API를 사용하고 있습니다. 비즈니스 로직 공격은 여전히 주요 우려 사항으로, 보안 인력 중 29%만이 이를 완전히 대응할 수 있도록 교육받았습니다. 재정적 영향도 크며, 애플리케이션 DDoS 공격으로 인한 다운타임 비용은 분당 평균 6,100달러, 시간당 366,000달러에 달합니다.
L'enquête cybersécurité 2025 de Radware révèle des vulnérabilités importantes dans les mesures de sécurité des applications des organisations. L'étude souligne que seulement 8 % des organisations utilisent actuellement des solutions de protection basées sur l'intelligence artificielle, bien que 70 % soient très préoccupées par l'utilisation de l'IA par les hackers pour créer des outils de piratage améliorés. La sécurité des API présente des lacunes critiques : seulement 6 % des organisations disposent d'une documentation complète des API et 50 % ignorent l'utilisation de code tiers dans leurs applications. L'enquête a également révélé une augmentation de 42 % de l'utilisation des API par rapport à 2023, avec une moyenne de 19 API tierces par application. Les attaques sur la logique métier restent une préoccupation majeure, seulement 29 % du personnel de sécurité étant pleinement formé pour y faire face. Les conséquences financières sont importantes, les attaques DDoS sur les applications coûtant en moyenne 6 100 dollars par minute, soit 366 000 dollars par heure d'indisponibilité.
Die Cyber-Umfrage 2025 von Radware zeigt erhebliche Schwachstellen in den Anwendungssicherheitsmaßnahmen von Organisationen auf. Die Studie hebt hervor, dass derzeit nur 8 % der Organisationen KI-basierte Schutzlösungen verwenden, obwohl 70 % große Sorgen darüber haben, dass Hacker KI nutzen, um verbesserte Hacking-Tools zu entwickeln. Die API-Sicherheit weist kritische Lücken auf: Nur 6 % der Organisationen verfügen über eine vollständige API-Dokumentation, und 50 % wissen nicht, dass Drittanbieter-Code in ihren Anwendungen verwendet wird. Die Umfrage ergab außerdem, dass die API-Nutzung im Vergleich zu 2023 um 42 % gestiegen ist, wobei Organisationen durchschnittlich 19 Drittanbieter-APIs pro Anwendung einsetzen. Angriffe auf die Geschäftslogik bleiben ein großes Problem, da nur 29 % des Sicherheitspersonals vollständig geschult sind, um damit umzugehen. Die finanziellen Auswirkungen sind erheblich: DDoS-Angriffe auf Anwendungen kosten die Organisationen durchschnittlich 6.100 US-Dollar pro Minute bzw. 366.000 US-Dollar pro Stunde Ausfallzeit.
Positive
  • 80% of organizations plan to implement AI-based cybersecurity solutions within the next 12 months
  • 81% of respondents recognize the importance of having real-time protection measures for business logic attacks
Negative
  • Only 8% of organizations currently use AI-based protection solutions
  • Only 6% of respondents have full documentation for all their APIs
  • 50% of organizations don't know what third-party code is being used in their applications
  • Only 29% of security staff are fully trained to handle API business logic attacks
  • Only 16% of respondents are confident in their protection against third-party services code breaches
  • DDoS attacks cause significant financial damage, averaging $366,000 per hour in downtime
  • Only 8% of organizations use AI-based protection solutions
  • Just 6% of respondents have full documentation for all their APIs
  • Half of respondents don’t know what third-party code is being used by their apps
  • Only 29% of security staff are fully trained to handle API business logic attacks

MAHWAH, N.J., June 12, 2025 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today released its new report, 2025 Cyber Survey: Application Security at a Breaking Point. The survey reveals threat areas of rapidly growing concern as organizations’ cyber defenses lag well behind. This includes a major lack of protection against AI threats, as well as API and business logic attacks, among others.

“The weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected,” said Shira Sagiv, Radware’s vice president of product portfolio. “Internal alarms should be sounding. Companies openly admit to major concerns about gaps in cyber protection and lack of readiness, especially around web applications and APIs; yet their usage continues to climb creating even more risk and exposure.”

KEY FINDINGS

The scramble is on to catch up with AI
According to the report, the use of AI to improve and intensify hacking tradecraft is of greatest concern. Organizations have significant concerns about threat actors using AI to generate new attacks at a faster cadence, bypassing existing defenses and compromising areas that were previously too difficult to attack.

  • Top concerns: The following percentage of respondents are highly or extremely concerned about hackers using AI:
    • To create/improve hacking tools – 70%.
    • To generate a larger volume of cyberattacks – 67%.
    • To launch new zero-day attack vectors – 66%.
  • Large readiness gap: Despite the concerns about hackers embracing AI, only 8% of organizations are currently using AI-based solutions for defenses.
  • AI adoption: Four out of five organizations plan to implement AI-based cybersecurity solutions within the next 12 months.

Security fails to keep up with sprawling API ecosystems
APIs are in a constant state of fluctuation. Organizations are increasing their use of APIs even while they remain ill-protected.

  • Surge in API usage and updates: In 2025, API usage is up 42% compared to the highest rate of usage in 2023, with multiple daily updates to APIs surging 6X during the same time frame.
  • Widespread third-party usage: On average, organizations are using 19 third-party APIs per application, which introduces new types of threats around data compromise that cannot be mitigated at a coding level.
  • Poor business logic attack mitigation: Business logic attacks, a common form of API attacks, represent a threat area of rapidly growing concern. While 81% of respondents say it is very or extremely important to have real-time protection measures in place:
    • Just half have deployed runtime business logic protections.
    • Only 29% have security staff fully trained to detect and mitigate these attacks.
  • Lack of preparedness:
    • On average, only 6% of respondents have full documentation for all their APIs.
    • Half of respondents don’t know what third-party code is being used by their web applications, which data is being leaked to third-party services, and when malicious scripts and services are introduced.

Risks to resilience continue to rise
Survey respondents expressed a lack of confidence in the effectiveness of their defensive posture against growing threats.

  • Third-party breaches: Only 16% of respondents are confident in their current protection against data breach attempts of third-party services code running on their web applications.
  • Costly DDoS disruptions: Downtime caused by an application DDoS attack averages $6,100 per minute or $366,000 per hour.
  • High compliance pressures: An average of 54% of respondents express high or extreme concern about a range of regulations, including NIS2, HIPAA, SEC, PCI DSS 4, GDPR, DORA, and SOX.

Methodology
The survey, which was conducted with Osterman Research, includes responses from compliance, chief risk, and data privacy officers; vice presidents of research and development; senior network security administrators; senior DevOps and DevSecOps administrators; cloud security; API architects; among other titles. The survey was conducted in nine countries across North America, EMEA, APAC, and LATAM.

Radware’s complete 2025 Cyber Survey: Application Security at a Breaking Point can be downloaded here.

About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

©2025 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

THIS PRESS RELEASE AND THE 2025 CYBER SURVEY: APPLICATION SECURITY AT A BREAKING POINT ARE PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THESE MATERIALS ARE NOT INTENDED TO BE AN INDICATOR OF RADWARE'S BUSINESS PERFORMANCE OR OPERATING RESULTS FOR ANY PRIOR, CURRENT, OR FUTURE PERIOD.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that the weaponization of AI by malicious actors is intensifying cybersecurity threats and drawing even more attention to areas where companies are simply ill-protected and that their usage continues to climb creating even more risk and exposure, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Media Contact:
Gerri Dyrek
Radware
Gerri.Dyrek@radware.com

Photos accompanying this announcement are available at

https://www.globenewswire.com/NewsRoom/AttachmentNg/f5342914-5ae1-430e-a838-b75e663c5eb4

https://www.globenewswire.com/NewsRoom/AttachmentNg/83a75b37-0294-485f-a2b8-c968fd9fce15

https://www.globenewswire.com/NewsRoom/AttachmentNg/08209312-e0da-48d4-a5aa-aa7deea6b77d


FAQ

What are the key findings of Radware's 2025 Cyber Survey regarding AI security?

The survey found that only 8% of organizations use AI-based protection solutions, while 70% are highly concerned about hackers using AI to create improved hacking tools. 80% plan to implement AI-based security within 12 months.

How much does a DDoS attack cost companies according to Radware's 2025 survey?

According to the survey, downtime caused by an application DDoS attack costs organizations an average of $6,100 per minute or $366,000 per hour.

What are the main API security concerns revealed in Radware's 2025 report?

The survey revealed that only 6% of organizations have full API documentation, 50% don't know their third-party code usage, and organizations use an average of 19 third-party APIs per application, with API usage up 42% from 2023.

How prepared are organizations for business logic attacks according to RDWR's survey?

The survey shows poor preparedness, with only 29% of security staff fully trained to handle business logic attacks, despite 81% of respondents saying real-time protection is very important.

What percentage of organizations are confident in their third-party service protection according to Radware?

Only 16% of respondents expressed confidence in their current protection against data breach attempts of third-party services code running on their web applications.
Stock RDWR logo
Radware Ltd

NASDAQ:RDWR

RDWR Rankings

#2510 Ranked by Market Cap
N/A Ranked by Dividends

RDWR Latest News

Jun 2, 2025
Radware Expands its Threat Intelligence Services
May 27, 2025
Radware Recognizes Bell Canada and Presidio as Partners of the Year
May 21, 2025
Radware Recognized as a Leader and Fast Mover in the GigaOm Radar for Application and API Security
May 20, 2025
Radware and MAIRE Team Up to Deliver Managed Security Services
May 7, 2025
After Strong Quarter, Radware Announces U.S. Expansion

RDWR Stock Data

1.02B
37.69M
14.7%
76.46%
1%
Software - Infrastructure
Technology
Link
Israel
Tel Aviv

Related Articles

Continue reading with these related stories

View All Latest News