73% of organisations to increase AppSec investment in 2023

Amidst Log4Shell and other high-profile security incidents this past year, organisations plan to invest more in cybersecurity solutions that show clear ROI in order to protect their customers. Today, Invicti Security released the autumn 2022 edition of its bi-annual AppSec Indicator: Tuning Out AppSec Noise is All About DAST, revealing how modern AppSec solutions, like dynamic application security testing (DAST), offer fewer noisy distractions like false positives and provide more focus. This helps ensure DevSecOps professionals can deliver secure, innovative applications – even when vulnerabilities are rising.

The survey findings revealed:

• 73% of organisations anticipate that they'll increase their AppSec investments in 2023. With economic changes, investing more in modern cybersecurity – specifically DAST – remains a top priority.
• 97% of DevSecOps teams say they ignore a real vulnerability at least once a month because they assume it is a false positive. Cybersecurity solutions offering automation and accuracy help cut through the noise, meaning less time spent on false alarms and manual work.
• 100% of DevSecOps professionals track ROI for their AppSec tools, and many are under pressure to deliver results. To showcase success to leadership, organizations require security solutions that demonstrate concise analytics and remediation guidance.

"With the increasing pressure to push out new software, and the exponential number of possible vulnerabilities and misconfigurations, organisations must have tools that keep their web assets secure," said Frank Catucci, Invicti's Chief Technology Officer and Head of Security Research. "DAST is effective for scanning and measuring various layers of the company's security protection at scale using the same techniques that malicious hackers perpetuate. DAST combined with SCA gives an end-to-end view of directly actionable security debt, ensuring DevSecOps professionals can cut through the noise and focus on the most critical vulnerabilities."

While data theft remains a top concern and vulnerability reports create extra noise, DevSecOps professionals remain optimistic about investing in security measures, and organizations know they need to prioritize cybersecurity budgets now more than ever. With growing cyber attack sophistication and prevalence, it's necessary to be equipped with the right solutions to maintain adequate security coverage and demonstrate security ROI. Learn more about how to prioritise AppSec investments in the full report. 

In conjunction with Wakefield Research, the report is based on a survey of 500 US DevSecOps Professionals. Respondents have a minimum of 5 years of experience at companies with at least 2,000 employees and oversamples of respondents in the following industries: government, healthcare, financial, and education.