Consumers value APIs for convenience but worry about risks
APIs power many of today's digital experiences, connecting consumers to businesses and businesses to one another while enabling cross-platform services.
But as APIs spread so do the risks, they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes. A new report from ThreatX takes a detailed look at how API use impacts on consumers.
It finds that while consumers like the convenience offered by APIs 61 percent of respondents don't feel confident that brands prioritize building security into their APIs and associated applications. When asked if brands prioritize the security of their PII, 64 percent of respondents replied 'no' or 'not sure.'
Despite these worries 85 percent of respondents say they grant access for applications to connect with one another and share data. However, 45 percent of respondents say they hesitate before doing so.
Looking at how consumers respond to breaches, 13 percent of respondents report that they would stop using a brand after a data breach. 56 percent though say that they change their login credentials for accounts associated with a brand following a breach. People are more sensitive to certain types of data, however, loss of banking information would cause 72 percent to leave a brand, loss of social security number 68 percent, and credit card number 64 percent.
It's somewhat disheartening that 74 percent of respondents believe that they either have minimal or no influence to encourage brands to take their security more seriously. This despite the fact that 65 percent would consider paying more for an application or tech that was marketed as being secure.
The report's authors conclude, "The data shows that security may actually be a differentiator for brands rather than a hindrance. Investing more time and money into developing a robust security program could be the difference between a confident and brand-loyal consumer, and one that will move on to the next application or piece of software after one too many breaches."
You can read more and get the full report on the ThreatX blog.