We present an analysis of current statistics in the field of application security. Our focus is on providing a clear and concise overview of the latest data, reflecting key trends and insights in this area of cybersecurity.
The statistics compiled here are drawn from reputable and up-to-date sources. We consider a reputable and up-to-date source as one that is recognized for its credibility and expertise in its field and regularly updates its content to reflect the most current information and research.
Application security market
- Statista forecasts a yearly growth rate of 14.14% from 2024 to 2028, predicting a market size of $11.83 billion by 2028. [1]
- Fortune predicts the global information security market will reach $366.1 billion by 2028. [2]
For a list of application security tools, check our data-driven list.
Application vulnerabilities, flaws, and industry gaps
- Application breaches, which often involve stolen credentials and vulnerabilities, accounted for 25 percent of all violations. This emphasizes the critical need to secure applications, especially in an increasingly digital world. [3]
- Over 75 percent of applications have at least one flaw. [4]
- The number of disclosed vulnerabilities reached 26,447, exceeding the count from the previous year by more than 1,500 CVEs. [5]
- A survey by Forrester Research found that 42% of companies suffering from external attacks attributed these incidents to vulnerabilities in software security. Additionally, 35% of these organizations identified the cause as defects in web applications. [6]
- 61% of the applications tested were found to have at least one vulnerability of high or critical severity that was not included in the OWASP Top 10 list. [7]
- 83% of applications exhibit at least one security issue during their initial vulnerability assessment. [8]
- 32% of security decision-makers adopted Interactive Application Security Testing (IAST) in their development environments. [9]
- Unpatched vulnerabilities were involved in 60% of data breaches. [10]
- 37% of organizations intend to conduct Software Composition Analysis (SCA) during the development phase to mitigate risks associated with vulnerable open-source components. [11]
- According to the State of DevOps Report by Contrast Security, over 99% of technologists report that applications in production have a minimum of four vulnerabilities. [12]
Data breaches
- IBM reports that the highest recorded average data breach cost is $4.35 million, while the average ransomware attack cost is $4.54 million. [13]
- Verizon’s analysis shows that 70% of 2021 breaches were for financial gains, with less than 5% for espionage. [14]
- On average, it takes about nine months (277 days) to detect and control a breach, according to IBM. [15]
- Check Point and Verizon indicate that 43% of breaches involve insiders, and 30% of breaches involve internal actors. [16]
- Mastercard states that 95% of data breaches result from human errors. [17]
- IBM highlights that breaches identified and contained within 200 days cost $1.02 million less than those taking longer. [18]
- Organizations that utilize AI and automation programs were able to identify and contain a breach 28 days faster than those that didn’t. [19]
Cost of cyberattacks
- CNBC reports that GDPR fines reached $1.2 billion in 2021. [20]
- IBM mentions a 41% increase in ransomware-caused breaches, which take 49 days longer than average to manage. [21]
- The number of DDoS attacks worldwide in 2023 is estimated at 15.4M. [22]
- Artificial intelligence can mitigate costs in data breaches, saving organizations up to $3.81M per breach. [23]
Reference Links
1. Application Security - Worldwide | Statista Market Forecast. Statista
2. Request Sample Pdf - Cybersecurity Market Size, Share, Analysis | Global Report 2032
3. 2025 Data Breach Investigations Report | Verizon
4. State of Software Security Report 2024 | Veracode. Veracode
5. NVD - Home
6. The State Of Application Security, 2020 | Forrester
7. Gartner® Magic Quadrant for Application Security Testing | OpenText
8. State of Software Security Report 2024 | Veracode. Veracode
9. The State Of Application Security, 2020 | Forrester
10. Ponemon study on gaps in vulnerability response - ServiceNow
11. The State Of Application Security, 2020 | Forrester
12. “The State Of DevSecOps Report”. Contrast Security
13. Cost of a data breach 2025 | IBM
14. 2025 Data Breach Investigations Report | Verizon
15. Cost of a data breach 2025 | IBM
16. 2025 Data Breach Investigations Report | Verizon
17. “Mastercard Trust Center”. Mastercard
18. Cost of a data breach 2025 | IBM
19. Cost of a data breach 2025 | IBM
20. Fines for breaches of EU GDPR privacy law spike sevenfold. CNBC
21. Cost of a data breach 2025 | IBM
22. Cisco Annual Internet Report - Cisco Annual Internet Report (2018–2023) White Paper - Cisco. Cisco
23. Cost of a data breach 2025 | IBM

Cem Dilmegani
Principal Analyst
Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 55% of Fortune 500 every month.
Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE and NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and resources that referenced AIMultiple.
Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised enterprises on their technology decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.
He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.
Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.