UK lags US in application security investment

Warwick Ashford

UK enterprises are lagging behind US enterprises in application security programmes, a study has revealed.

On average UK companies spend 21% less on application security than US companies of equal size, according to an IDG study commissioned by application security checking firm Veracode.

The study also found that UK enterprises focus their application security programmes only on a small subset of business-critical applications rather than the entire application portfolio.

When it comes to internally developed applications in the UK, two-thirds remain untested for critical vulnerabilities such as SQL injection.

The study found that US organisations are more likely to issue mandates for enterprise-wide application security assessment programmes.

According to the study report, US application security programmes tend to be more mature than those at UK enterprises.

When application security programmes do not extend beyond business-critical applications, the report said, enterprises leave thousands of applications vulnerable.

According to Veracode, this creates long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure, regardless of whether an application is business-critical or not.

The company noted that as enterprises become better at securing their networks and endpoints, cyber-criminals are beginning to focus their efforts on the application layer.

“As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities,” said Adrian Beck, manager of security programme management for Europe at Veracode.

“Closing the security gap between the numbers of apps being produced and number that are assessed for security will help UK companies remain competitive in the new application economy,” he said.

Beck said that by identifying critical application-layer threats before cyber-criminals can find and exploit them, enterprises can bring innovation to market faster without sacrificing security.

