Veracode: IDG Study Reveals UK Application Security Programmes Lagging Behind US

By ISBuzz Team
Writer, Information Security Buzz | Jul 22, 2014 05:02 pm PST

Veracode, the application security company, has announced that research conducted by IDG revealed that UK enterprises are lagging behind US enterprises when it comes to application security programmes. The study revealed that on average UK companies are spending approximately 21 percent less than US companies of equal size. The study also found that in the UK, 66 percent of internally developed applications remain untested for critical vulnerabilities such as SQL injection.

Leading enterprises in all industries are delivering new mobile experiences, leveraging the Cloud and Big Data analytics, and digitising their processes. As a result, applications are now the driver of economic growth, and all enterprises are becoming digital businesses. The IDG study showed that, on average, enterprises are internally developing 2,500 applications a year.

In addition to lower spending on application security, the study also showed that UK companies are more likely to focus their application security programmes on only a subset of business-critical apps, rather than the entire application portfolio. Conversely, US organisations are more likely to issue mandates for enterprise-wide application security assessment programmes – making programmes at US enterprises, on average, more mature than those at UK enterprises. When application security programmes do not extend beyond business-critical applications, enterprises leave thousands of applications vulnerable. This creates long-term security threats as cyber-criminals attack the path of least resistance into an IT infrastructure without regard to whether the application was business-critical or a little-used web application.

“Companies are becoming better at securing their networks and endpoints, causing cyber-criminals to focus their efforts on the application-layer. As a result, more than half of all successful breaches are attributed to application-layer vulnerabilities,” said Adrian Beck, manager of security programme management, EMEA. “Closing the security gap between the numbers of apps being produced and number that are assessed for security will help UK companies remain competitive in the new application economy.”

Veracode’s cloud-based service and programmatic approach has helped many of the UK’s top enterprises scale their application security programmes so they can protect more of the applications they are developing and procuring.

The IDG study asked executives at large enterprises about their application security programmes and practices. The purpose of this study was to gain a better understanding of the enterprise application security environment, particularly for internally developed applications. The study also forecasted future application development, changes to security budgets, and application security vulnerabilities.

About Veracode

Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-criminals can find and exploit them, Veracode helps enterprises deliver innovation to market faster – without sacrificing security.

Veracode’s powerful cloud-based platform, deep security expertise and programmatic, best practices approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

Recognised as a Gartner Magic Quadrant Leader since 2010, Veracode secures hundreds of the world’s largest global enterprises, including 3 of the top 4 banks in the Fortune 100 and more than 25 of the world’s top 100 brands. Learn more at, on the Veracode blog and on Twitter.