56% of the biggest cybersecurity incidents over the past five years were related to web applications

56% of the biggest cybersecurity incidents over the past five years were related to web applications

First of its kind multi-source report also finds that 57% of all known losses for the largest web application incidents over the last five years were attributed to state-affiliated threat actors

Dubai, UAE. 8 August, 2021: Web application exploitsare the biggest cybersecurity risk facing organizations today, according to new research by The Cyentia Institute.

Theconclusion forms part of a new—and first of its kind—F5 Labs-sponsored reportentitled The State of the State of Application Exploits in Security Incidents.

Drawing heavily on the Cyentia Research Library1as well asinput from a range of other datasets, the report is the industry’s most comprehensive multi-source analysis yet of both the frequency and role of application exploits.A key driver behind the report’s publication isto progress how the cybersecurity industry as a whole uses disparate pieces of research to piece together the bigger picture.

In the report, The Cyentia Institute found that 56% of the biggest cybersecurity incidents from the past five years tie back to some form of web application issue. Responding to these incidentscost more than $7,6bn, which represents 42% of all financial losses recorded for “extreme cyber loss events”. Web application attacks were also the leading incident pattern among data breaches for six of the last eight years.

In addition,TheCyentia Institute discovered that the average time-to-discovery for incidents involving web application exploits was 254 days – significantly higher than the 71-day average forother extreme loss events that were studied.

However, one of report’smost eye-catching discoveries was that 57% of all known losses for the largest web application incidents over the last five years were attributed to state-affiliated threat actors. This alone caused $4,3bn in damages.

The data and reports analyzed by The Cyentia Institute also revealeda consensus on key recommendations for security measures, which The Cyentia Institute summarizes as “Fix your code, patch your systems, double up your creds and watch your back(door).”

“All CISOs probably view vulnerability management, access control, and situational awareness as critical aspects of security operations, but in practice these strategies reveal themselves as moving targets,” said Raymond Pompon, Director of F5 Labs.

“We were surprised to see that underneath the surface, ‘the state of the state’ of is not one of discontinuity and fragmentation, but one of consensus about the difficulty of execution. It appears that many security teams know what they need to do, in theory. Putting that theory into practice over time is the real problem here. This is, in reality, quite an eye-opening conclusion. Security teams don’t, in fact, need help figuring out what to do, but rather how to do it.”

Download the report herefor the full analysis.


1The Cyentia Institute curates a repository of over 2,500 publicly posted, data-driven, research reports from across the security industry. It then appliesits data science toolset to extract information from these reports, presenting a public view of them as a benefit for security professionals and researchers.

The library includes links to the original report and does not reproduce the text of the report itself.Future directions of the library include notification services of reports as they are released in a variety of specific topic areas, along with Cyentia’s combination of automated and manual summaries. While these detailed summaries may be included as subscription products, it is our intent that this index of research reports remainsfree. For more information, visit: https://library.cyentia.com/

About F5

F5 (NASDAQ: FFIV) is a multi-cloud application security and delivery company that enables our customers—which include the world’s largest enterprises, financial institutions, service providers, and governments—to bring extraordinary digital experiences to life. For more information, go to f5.com. You can also follow @F5 on Twitter or visit us on LinkedIn and Facebook for more information about F5, its partners, and technologies.

About the Cyentia Institute

Cyentia Institute is an independent, objective, data-driven cybersecurity research firm that provides rigorous scientific research and analysis and writes insightful, accessible reports that provide our clients with meaningful marketing content to build mindshare, drive sales, and attain greater visibility in competitive markets. Our research-as-a-service promotes business growth, and contributes to the knowledge base of the greater cybersecurity community. 

For more information, visit: https://www.cyentia.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s