Almost a Quarter of Orgs Don’t Run Security Checks on Products

A new study from Outpost24 has discovered that almost one in four (23%) organizations do not carry out any form of security testing on their products before they are launched into the market.

The cyber-assessment firm surveyed 121 security professionals at RSA Conference 2019, unearthing a worrying trend whereby application security appears to be taking a back seat in a number of product-producing companies.

In fact, Outpost24 found that 31% of respondents admitted that their organization had knowingly marketed a product with security vulnerabilities just to beat competition, and that 44% of organizations do not introduce security into the app development cycle from the beginning. Only 56% of respondents were sure their company carried out security testing on products before going to market.

“These figures raise concerns about the priority that organizations are placing on security, especially when attempting to beat competition by rushing products to market”, said Bob Egner, VP of Outpost24. “What many of the respondents are clearly forgetting is the damage security vulnerabilities can not only do to an organization’s customers, but also to brand and reputation. If a company ships products which are notoriously flawed with security vulnerabilities then they will not keep their customers for long and may ultimately face legal issues. The value of beating competition can be lost or even reversed.”

Any organization that is developing and marketing products should look to build security into the design stage, Egner added, as the cost of correcting vulnerabilities is documented to be smaller at an early stage of the development process. “Taking a secure by design approach will mean security is built into the foundations of a product and will limit the cyber risks faced by users, which will ultimately increase customer satisfaction as well.”
