Radware’s latest research, conducted with Osterman Research, paints a sobering picture of the current state of application security. The 2025 Cyber Survey shows that while organizations are accelerating digital innovation, their defenses are falling behind, especially when it comes to AI threats, API vulnerabilities, and business logic risks.
One of the most concerning findings is the growing gap between the threat of AI and how prepared organizations are. While 70% of respondents are highly concerned about hackers using AI to enhance attack tools, create larger attack volumes, and launch zero-day exploits, only 8% are currently using AI-based security solutions, although 81% plan to adopt such tools within the next year.
API ecosystems are also expanding rapidly. API usage is up 42% from 2023, with more than 12% of organizations updating APIs multiple times per day. Yet only 6% have full documentation for all their APIs, and nearly half of respondents admit they do not know what third-party code is running in their applications. This lack of visibility creates a serious risk of exposure to data leakage, unauthorized access, and hidden backdoors.
Business logic attacks are becoming a top concern. These attacks exploit the intended behavior of applications to perform malicious actions like stealing data or abusing discounts. While 81% of respondents agree that real-time protection is essential, only 51% have runtime logic defenses in place. Even more concerning, just 29% of security teams are fully trained to recognize and stop these types of threats.
The use of third-party APIs is nearly universal, with 99% of organizations embedding them into applications. On average, 19 third-party APIs are used per app, up from 16 in 2023. However, only 16% of respondents feel confident in their ability to prevent data breaches tied to these services. Meanwhile, 65% are very concerned about payment data theft and supply chain exploits.
In addition to growing attack sophistication, the cost of downtime is rising fast. A successful application DDoS attack now costs an average of $6,106 per minute. For industries like financial services and healthcare, these disruptions can translate into major revenue losses, brand damage, and even life-threatening consequences.
This report is a wake-up call. Cyber attackers are moving faster and getting smarter, using AI to scale and diversify their methods. Organizations must invest in greater visibility, real-time protection, and staff training to stay ahead. Otherwise, they risk exposing their data, customers, and brand to growing levels of harm.