US companies face a combined $12 billion to $23 billion in losses in 2022 from compromises linked to Web application programming interfaces (APIs), which have proliferated with the increased adoption of cloud services and DevOps-style development methodologies, according to an analysis of breach data.
In the last decade, API security has grown to become a significant cybersecurity issue. Acknowledging this, the Open Web Security Application Project (OWASP) released a top-10 list of API security issues in 2019, flagging major API weaknesses — such as broken authorization for objects, weak user authentication, and excessive data exposure — as critical issues for software makers and companies that rely on cloud services.