A new report by data-sharing platform Raidiam has uncovered what it calls an API ‘security crisis’ as over 80% of monitored firms operating outside regulated frameworks have API protections that fall short.
The report, entitled Helping Enterprises Recognise and Address Critical Risk, profiled the security of 68 organisations spanning across fintech, payments SaaS and enterprise platforms.
The findings reveal that while 85% of these organisations handle sensitive or high-value personal and financial data, the vast majority still rely on outdated mechanisms without additional safeguards.
“We’ve all read the recent headlines – API security should not be an afterthought,” said David Oppenheim, head of enterprise strategy at Raidiam.
“The gap between the sensitivity of data and the strength of controls is a board-level risk – not just a technical issue.”
Of the firms profiled that handle payments data or special category personal data, just one organisation reportedly met the benchmark for modern, cryptographic API protection, according to Raidiam.
The report introduces a ‘security vs sensitivity matrix’, mapping organisations’ API protection levels against the sensitivity of the data they expose.
“We found that even firms handling payment and personal data still rely on static API keys and basic secrets. In today’s threat landscape, that’s the digital equivalent of leaving the vault door open,” Oppenheim added.
“In regulated environments like Open Banking, stronger controls like mutual TLS and certificate-bound tokens are already standard. Outside those frameworks, there’s a gaping hole.”
The report arrives at a time of increased industry concern over API risk. Earlier this year, JPMorgan Chase’s chief information and security officer Patrick Opet issued an open letter warning of growing API-driven vulnerabilities in third-party platforms, calling for security to be prioritised over speed in their development roadmaps.
According to American research and advisory firm Gartner, API breaches can leak 10x more data than traditional attacks.
Raidiam’s report outlines a four-step roadmap for improvement, which includes elevating API security to board-level priority and investing in developer awareness and security testing.
Register for Free
Bookmark your favorite posts, get daily updates, and enjoy an ad-reduced experience.
Already have an account? Log in
