Leading enterprises in all industries are delivering new mobile experiences, leveraging the cloud and big data analytics, and digitising their processes. As a result, applications are now the driver of economic growth, and all enterprises are becoming digital businesses. The IDG study showed that, on average, enterprises are internally developing 2,500 applications a year.
On average, however, UK companies are investing 21 per cent less in app security than US companies of equal size. It is also suggested that in the UK, 66 per cent of internally developed applications remain untested for critical vulnerabilities such as SQL injection.
And in addition to lower spending on application security, UK companies are more likely to focus their application security programmes on only a subset of business-critical apps, rather than the entire application portfolio.
Conversely, US organisations are more likely to issue mandates for enterprise-wide application security assessment programmes, making programmes at US enterprises, on average, more mature than those at UK enterprises.
When application security programmes do not extend beyond business-critical applications, enterprises leave thousands of applications vulnerable. This creates long-term security threats, as cyber-criminals attack the path of least resistance into an IT infrastructure, without regard to whether the application is business-critical or a little-used web application.