Nearly 88% of energy and utilities organizations experienced at least one API-related security incident in the past 12 months.
Key takeaways
API incidents are frequent, with AI-linked attacks already prominent. In the energy and utilities industries, API-related security incidents are an ongoing operational reality. As APIs become more embedded across AI-enabled systems like IoT sensors, smart grids, and customer portals, attacks against those APIs can affect more than individual applications.
Broad API inventories aren’t translating into visibility of sensitive data exposure. About 57% of energy and utilities organizations reported having a full inventory but lacking information on which APIs expose sensitive data.
API security is getting more attention, but execution remains uneven across the lifecycle. As API connections expand and AI-driven initiatives introduce new threats, energy and utilities organizations are paying closer attention to API security. But increased attention doesn’t always translate into mature execution.
Frequently Asked Questions (FAQ)
While 83% of IT teams maintain a full API inventory, only 26% can identify which of those APIs return sensitive data such as customer addresses or payment information.
Security incidents are rarely isolated events; approximately 96% of the affected energy and utilities organizations faced multiple, repeated API incidents within a single year.
The top sources of incident-related strain are downtime or lost revenue from service unavailability (53%), legal fees (46%), and project delays (44%).
Organizations cited API misconfiguration (50%), authorization vulnerabilities (39%), poor oversight (39%), and vulnerabilities involving APIs linked to generative AI tools or LLMs (37%) as key contributors.
Only 20% of energy and utilities organizations fully integrate security testing across the API SDLC and CI/CD pipelines, leaving an 80% lifecycle maturity gap where testing remains inconsistent.
The top concerns are APIs leaking sensitive information or enabling data exfiltration (51%), attackers exploiting insecure LLM-linked API endpoints (45%), and prompt injection where APIs execute actions based on malicious inputs (43%).