Invicti Survey Reveals Executive Overconfidence in Web Security

How do web application security policies and programs translate into everyday practice? To find out, Invicti commissioned a global survey of security professionals, covering a variety of roles and industries. The results should be a wake-up call for all security executives who still believe that all their web applications are secure and regularly tested.

The survey found numerous areas where executives take a far more optimistic view of web application security than security professionals closer to the front lines of development and cybersecurity. For example, 75% of executives believe their organization scans all web applications for security vulnerabilities, while nearly half of security staff say this is not the case. Such a rosy view of web security can lead to overconfidence in the face of growing security threats.

Even more concerning is that over 60% of DevOps respondents indicate that new security vulnerabilities are being found faster than they can be fixed. This is a clear warning that current web application security efforts are insufficient, yet only a little over 40% of executives are aware of this situation. As a result, over half of organizations are unlikely to take the necessary steps and make the required investments to remedy the situation.

Nearly two-thirds of respondents named web application security as an important focus for their organization – more than any other area of security, including network and endpoint security. Despite this, the remaining results suggest that there is still a huge gap between the theory and practice of web security. In particular, the workflows that are currently in place leave a lot to be desired in terms of efficiency and collaboration.

Read our full report, "New Vulnerability Found: Executive Overconfidence", to discover more eye-opening results from the Invicti survey.

Zbigniew Banach

About the Author

Zbigniew Banach - Technical Content Lead & Managing Editor

Cybersecurity writer and blog managing editor at Invicti Security. Drawing on years of experience with security, software development, content creation, journalism, and technical translation, he does his best to bring web application security and cybersecurity in general to a wider audience.