New Ponemon Study Reveals Application Security Risk at All-Time High: 1 in 2 Enterprises Need Better Protection

Study Highlights

  • SQL Injection has surfaced as the No. 1 attack in 2015 with Top 3 accounting for 95 percent
  • More than half of respondents (51 percent) say their organization is unable to stop or curtail attacks to applications while in production
  • Application security budgets have increased to 16 percent of total, but still don’t align with level of risk


MENLO PARK, Calif.--A new survey from Ponemon Institute finds that nearly 80 percent of enterprises say that their organization's portfolio of applications has become more vulnerable to attacks.

This vulnerability comes as more enterprises are relying on increasing numbers of applications to conduct their business. The survey found that 57 percent of enterprises have between 1000 and 5000 business applications in use throughout their organizations.

Prevoty released this data today through an infographic entitled: Ask a security professional, "Is it safe?"

“This research identifies a gap in application security between the need to release business-critical software and the need to ensure it’s protected from an ever-increasing threat,” said Julien Bellanger, CEO of Prevoty. “Enterprises are demanding high-performance application security solutions at runtime for production environments. They need and want security that operates at the same pace as their business.”

Other key findings from the survey include:

  • 81 percent of respondents believe that moving application delivery platforms to the cloud has resulted in the loss of control and visibility
  • 84 percent agree that it’s difficult to reduce the risk to applications because they’re not able to monitor, detect and prevent attacks at the application level
  • 88 percent say that it’s difficult to remediate vulnerabilities

“Security isn’t a dress rehearsal – enterprises’ biggest worry is hacks to insecure applications,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Based on more than 600 enterprise professionals surveyed, it is clear that protecting applications in production will be a top business priority in 2016.”

The advent of internal and customer-facing applications in business-to-business environments has changed how institutions like banks, retailers or healthcare providers interact with external and internal constituencies. But the pace of development and deployment of those applications – and how critical that development and deployment is to the business – runs counter to the pace of security review and remediation. The result is an ever-increasing number of applications that are vulnerable to security risks, and that risk potentially imperils the business itself.


About the survey: Ponemon Institute surveyed over 600 enterprise IT professionals. The survey was sponsored by Prevoty.

About Prevoty

Prevoty is dedicated to securing enterprises and the users they serve by monitoring and protecting the applications at runtime that are the heart of modern business. Prevoty was founded in 2013 and is headquartered in Menlo Park, California. For more information on the company's application security solutions, follow @Prevoty on Twitter.

About Ponemon Institute

Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards.


Joanie Kindblade, 720-407-6060
