IDG Study Reveals UK Application Security Programs Lagging Behind US

UK enterprises invest less and focus programs only on small subset of business-critical applications


BURLINGTON, Mass. — July 22, 2014 Veracode, the application security company, today announced that research conducted by IDG revealed that UK enterprises are lagging behind US enterprises when it comes to application security programs. The study revealed that on average UK companies are spending approximately 21 percent less than US companies of equal size. The study also found that in the UK, 66 percent of internally developed applications remain untested for critical vulnerabilities such as SQL injection.

Leading enterprises in all industries are delivering new mobile experiences, leveraging the Cloud and Big Data analytics, and digitizing their processes. As a result, applications are now the driver of economic growth, and all enterprises are becoming digital businesses. The IDG study showed that, on average, enterprises are internally developing 2,500 applications a year. 

In addition to lower spending on application security, the study also showed that UK companies are more likely to focus their application security programs on only a subset of business-critical apps, rather than the entire application portfolio. Conversely, US organizations are more likely to issue mandates for enterprise-wide application security assessment programs – making programs at US enterprises, on average, more mature than those at UK enterprises. When application security programs do not extend beyond business-critical applications, enterprises leave thousands of applications vulnerable. This creates long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application was business-critical or a little-used web application.

“Companies are becoming better at securing their networks and endpoints, causing cyber-criminals to focus their efforts on the application layer. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities,” said Adrian Beck, manager of security program management, EMEA. “Closing the security gap between the number of apps being produced and the number that are assessed for security will help UK companies remain competitive in the new application economy.”

Veracode’s cloud-based service and programmatic approach have helped many of the UK’s top enterprises scale their application security programs so they can protect more of the applications they are developing and procuring.

The IDG study asked executives at large enterprises about their application security programs and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.