In a recent study conducted by Cycode, it was revealed that 72% of security leaders believe that the era of artificial intelligence (AI) calls for a complete overhaul of how organizations tackle application security. This sense of urgency stems from the staggering statistic that 93 billion lines of code were generated in just the past year, largely driven by GenAI. The massive influx of code has left security teams feeling overwhelmed, with 73% of security leaders acknowledging that “code is everywhere.”
Katie Norton, Research Manager at IDC, further emphasized the importance of code security in today’s complex development and threat landscape. Norton highlighted IDC’s DevSecOps research, which identifies insecure AI-generated code as one of the top challenges in application security for 2024. This aligns with Cycode’s findings and underscores the growing significance of code security as a fundamental component of application security strategies moving into 2025.
One of the key findings from the study was that 59% of respondents feel that the current attack surface is completely unmanageable, with GenAI identified as the top blind spot followed by the exponential growth in code. As a result, 63% of respondents believe that Chief Information Security Officers (CISOs) are not allocating enough resources to code security. Consequently, security budgets are expected to increase by an average of 50% over the next year to address these pressing challenges.
Despite the increase in security budgets, organizations are facing operational hurdles due to the proliferation of security tools. The average enterprise is now using 50 security tools, leading to issues such as a lack of visibility into security and risk posture, alert fatigue, and difficulties in promoting collaboration between security and development teams. Furthermore, organizations with over 61 security tools are struggling to understand where their security budget is being allocated, exacerbating the existing cybersecurity talent gap.
The reliance on numerous security tools also poses challenges in terms of the specialized skills required to manage them effectively. With 83% of security professionals agreeing that an abundance of tools necessitates specialist skills, finding qualified personnel has become increasingly difficult amid the ongoing cybersecurity talent gap. This scarcity of skilled professionals further complicates the task of addressing application security needs.
In response to these challenges, 88% of security professionals are planning to consolidate their application security tools into a single platform within the next year. Lior Levy, Co-founder and CEO of Cycode, emphasized the need for organizations to reevaluate their approach to application security in light of the evolving threat landscape and growing complexities. Levy underscored the importance of investing in code security while also addressing issues like tool sprawl and an unmanageable attack surface.
Organizations that have implemented an Application Security Posture Management (ASPM) platform have reported significant improvements in their ability to understand and manage overall risk, as well as to enhance collaboration between security and development teams. This indicates a positive impact on overall security posture and operational efficiency within these organizations.
The research conducted by Cycode was based on a comprehensive survey of 700 CISOs, AppSec Directors, and DevSecOps managers in the US, UK, and Germany. The insights gleaned from this study provide valuable guidance for organizations looking to navigate the challenges posed by the evolving cybersecurity landscape and the increasing complexity of application security in the age of AI.